Job Summary
The purpose of the position is to manage, support, and coordinate all information security activities and programs for the branch. He / she shall be primarily responsible for ensuring compliance with various instructions issued by the RBI on information / cyber security via process re-engineering and documentation. The purpose of this position is to manage, support and coordinate all Information Security activities, programs and initiatives of the Bank.
Work Responsibilities – Manager / Senior Manager (I.T. Cyber Security)
Information Security Governance
Responsible for maintaining and periodically updating Information Security Policies in alignment with organizational, regulatory, and RBI guidelines.
Monitoring and ensuring compliance with statutory and regulatory frameworks, including RBI, NPCI, and CERT-In directives.
Security Awareness and Training
Designing and conducting the Information Security Training and Awareness Program for all staff.
Ensuring security awareness through multiple communication channels such as e-learning modules, mailers, and awareness sessions.
Risk, Continuity, and Vendor Management
Active participation in the development, implementation, and maintenance of Business Continuity Plans (BCP), Disaster Recovery (DR) plans, and Vendor Risk Assessment policies.
Periodically testing and reviewing DR drills, ensuring alignment with RBI's Cyber Security Framework.
Information Security and IT Risk Management
Developing, implementing, and monitoring a comprehensive enterprise-wide Information Security and IT Risk Management program.
Overseeing security controls, vulnerability management, and threat mitigation strategies.
Technical Oversight and Problem Management
Hands-on experience in Incident Management, Problem Management, Change Management, and Critical Incident Handling.
Driving technical troubleshooting, coordinating escalations, managing communication, ensuring timely resolution, and preparing detailed RCA (Root Cause Analysis) reports.
System and Application Monitoring
Monitoring daily server logs, applications, and infrastructure health to maintain 99.9% system uptime.
Ensuring preventive maintenance and prompt resolution of issues affecting business continuity.
Documentation and Process Management
Preparing and maintaining detailed IT procedural documentation, user manuals, and operational guidelines.
Maintaining updated documentation for IT Security compliance and audit readiness.
Audit and Compliance Coordination
Coordinating and tracking all IT and Security-related audits (RBI, NPCI, IS Audit, VAPT, and internal / external audits).
Ensuring timely closure of audit observations and submission of compliance reports to regulatory authorities.
Data Classification and Protection
Conducting Data Classification Assessments and enforcing data protection controls in line with regulatory norms.
Security Responsibilities
Ensuring compliance with RBI's Cyber Security Framework and IT Governance requirements.
Overseeing cyber incident detection, response, and timely reporting to RBI and CERT-In.
Coordinating quarterly Cyber Security Posture Assessments and follow-up of mitigation actions.
Supervising vendor risk management, access control, endpoint protection, and network segmentation.
Preparing and submitting quarterly cyber security compliance reports, and participating in RBI's IT / Cyber Security examinations.
Data Privacy
Implementing data privacy frameworks for collection, processing, storage, and sharing of personal data.
Ensuring lawful processing of personal data and obtaining consent in accordance with regulatory requirements.
Monitoring data retention and deletion policies to prevent unauthorized retention of personal data.
Conducting Privacy Impact Assessments (PIA) for new systems or applications handling personal data.
Ensuring timely reporting and response in case of personal data breach incidents, as per DPDP notification requirements.
Leading staff sensitization programs on data privacy principles, lawful use, and user rights under the DPDP Act.
Maintaining and reviewing Data Protection Policy, Consent Management Mechanism, and Data Subject Rights procedures.
Overall IT Governance and Reporting
Supporting IT leadership in the evaluation and adoption of emerging technologies while balancing security and operational efficiency.
Clearly articulating pros and cons of technical solutions and documenting use cases, solution architectures, and recommendations for management review.
Desired Skills
BE or MCA degree in computer science or a related field
5 – 8 years' experience in information security & IT risk management
Banking background necessary, especially experience in foreign banks
Reporting / writing skills, ability to draft replies to the regulatory authorities
Strong knowledge of Information Security concepts including, but not limited to, Audit Reviews, Risk Assessment, Awareness & Training, Identity Access & Management, Data Protection, Secure SDLC, Incident Management, Vulnerability Assessment, Third Party IS Assessment, Secure Configurations, Patch Management, etc.
Hands-on experience in security systems, including firewalls, intrusion detection systems, anti-virus software, authentication systems, log management, content filtering, etc.
Excellent diagnostic and problem-solving skills along with documentation
Excellent communication ability, collaboration skills, ownership and accountability
Cyber Security • Vapi, Gujarat, India