Chief Information Security Officer (CISO)
Stock Holding Corporation of India
posted 9hr ago
Fixed timing
Grade
Divisional Manager/Assistant Vice President
Job Profile
1. Security Strategy & Planning:
a. Develop and implement a comprehensive information security strategy aligned with the organisation's goals and objectives.
b. Conduct risk assessments and prioritize security initiatives based on business needs and risk exposure.
c. To develop a stress testing mechanism to ensure cyber resilience.
2. Policy, Reporting and Compliance:
a. To review and update information security policies, standards and procedures to ensure compliance with relevant regulations and standards w.r.t. IS and Cyber Security.
b. To review and to ensure implementation of IS Policy and recommend changes therein.
c. To ensure compliance with respect to organization specific information security policies, procedures, standards, guidelines and directives & advice of various regulators.
d. To appraise the management about the status of ISMS compliance, Global developments and necessary action points in the area of cyber security.
e. To define and report on information security related KPIs.
3. Incident Response and Management:
a. Lead incident response efforts during security breaches, coordinating with internal teams, external stakeholders and law enforcement as necessary.
4. Security architecture and design:
a. Provide guidance on the design and implementation of secure systems, networks and applications.
b. Conduct security architecture reviews and recommend improvements to enhance the overall security posture.
5. Business Continuity and Disaster Recovery Planning:
a. Maintain business continuity and disaster recovery plans to ensure the organization can continue operating in the event of a security incident or disaster.
b. Conduct regular testing and exercises to validate the effectiveness of these plans.
6. To manage the IT risks through formal Risk management methodology - Asset identification and management, Risk assessment, Vulnerability management and controls compliance.
7. Knowledge of common information security management standards and frameworks such as SEBI information security framework, ISO, SOC etc.
8. Assess, plan, evaluate and recommend new tools as a pro-active/reactive measure for maintaining cyber security posture of the company.
9. Audits and Reporting:
a. To co-ordinate IS Audit and ensure its compliance as defined in the policy.
b. Responsible for the certification audit and all subsequent surveillance audits.
10. Executive Leadership and Communication:
a. Serve as the primary point of contact and advisor on security matters for executive leadership and the Board of Directors.
b. Serve as part of internal committees for various activities such as, but not limited to, tool/platform assessment and advisory services.
11. Security awareness & training:
a. Develop and deliver security awareness training programs to educate employees about security best practices and potential threats.
b. Promote a culture of security awareness and compliance throughout the organization.
12. Continuous Improvement:
a. Continuously assess the effectiveness of security controls and processes and identify areas for improvement, especially after each significant change to the IT applications/ systems/ networks as well as after any major incident.
b. Ensure information security across various devices, networks and infrastructure (physical/ on premises/ cloud etc.).
c. Anticipate, assess and actively manage new and emerging threats related to information security.
d. To stay informed about global best practices and latest developments in the field of information security including technology, management practices and regulatory requirements.
13. Any other item will be as per mutual agreement
* Remark: Job profile mentioned above is illustrative in nature. Roles in addition to the above mentioned may be assigned by StockHolding from time to time for the above post.
Eligibility Criteria:
Age
Upper Age Limit : 55 Years as on 31st December, 2024
Lower Age Limit : 40 years as on 31st December, 2024
Educational Qualifications
Basic Qualifications:
Must have a full-time Master's or Bachelor's degree in Engineering disciplines, namely Electronics & Telecommunications/ Computer Science/ Electronics & Electrical/ Information Technology/ Electronics & Communication, or a Master's in Computer Application from a University/ Institute recognized by Government of India or its Regulatory bodies. Preferably with specialization in information security/ IT Risk Management/ Cyber Security etc.
Professional Qualifications (Preferred):
Certified Information Systems Security Professional (CISSP)
Certified Information Security Manager (CISM)
Certified Chief Information Security Officer (CCISO)
Certified Information Systems Auditor (CISA)
International CISO Certification is desirable.
Work Experience
Candidate must have overall work experience of 15 years (Post Basic qualifications), of which at least 05 years should preferably be in the BFSI segment and at least 5 years in the Information Security field in a Supervisory Role.
*Note: Experience to be reckoned as on 31st December, 2024
Term of Contract: 3 Years
Last Date for Submission of Application is 20th February, 2025
Employment Type: Full Time, Temporary/Contractual