
Job Title:

Cyber Security Manager

Company: CRIF India

Location: Mumbai, Maharashtra

Created: 2026-05-09

Job Type: Full Time

Job Description:

Cyber Security Manager – Job Description

- Acts as a direct report to the CISO and supports the CISO in defining, executing, and maturing the organization’s cyber security strategy.
- Assists the CISO in aligning cyber security initiatives with business objectives, regulatory expectations, and risk appetite.
- Leads the implementation and ongoing management of the organization’s information security governance framework aligned with ISO 27001, regulatory guidelines, and internal policies.
- Drives enterprise-wide information security risk assessments, threat evaluations, and risk treatment plans.
- Develops, reviews, and maintains information security policies, standards, procedures, and baselines.
- Ensures compliance with applicable regulations such as the Master Directions from RBI and other regulator-issued cyber security / IT risk guidelines, and applicable data protection requirements.
- Serves as a key contributor during regulatory examinations, supervisory reviews, and external audits, including closure of observations and remediation tracking.
- Oversees IT General Controls (ITGC), security control testing, and audit readiness on a continuous basis.
- Provides oversight for security operations, including:
  - Security monitoring and incident detection
  - Incident response coordination and root-cause analysis
  - Vulnerability management and penetration testing programs
- Ensures timely escalation, communication, and reporting of significant cyber security incidents to senior management and the CISO.
- Oversees and coordinates Business Continuity Planning (BCP) and Disaster Recovery (DR) activities, including:
  - Review and maintenance of BCP/DR policies and plans
  - Participation in periodic BCP/DR drills and testing
  - Tracking issues, corrective actions, and reporting outcomes to management
- Supports IT outsourcing governance, including:
  - Reviewing security requirements for outsourced IT and cloud services
  - Ensuring outsourcing arrangements meet regulatory and internal cyber security expectations
- Assists in third-party and vendor risk management, including:
  - Conducting and reviewing vendor security risk assessments
  - Evaluating security controls of critical service providers
  - Supporting contract reviews, SLAs, and ongoing vendor security monitoring
- Drives information security awareness and training programs across the organization.
- Advises business and technology teams on secure system design, data protection, and secure operations.
- Prepares and presents cyber security risk posture, metrics, audit status, and incident summaries to senior management and relevant forums.
- Collaborates closely with Legal, Compliance, Internal Audit, IT, and Business teams to ensure coordinated risk management.
- Keeps abreast of evolving cyber threats, regulatory developments, and industry best practices relevant to financial data and credit information ecosystems.

Certifications (Preferred / Required)

- CISA and/or CISM (strongly preferred)
- ISO 27001 Lead Implementer/Auditor or equivalent (nice to have)
- Other relevant certifications (CISSP, CRISC) are a plus.

Education

- Bachelor’s degree in engineering, Computer Science, Information Technology, or equivalent.
- Postgraduate qualifications in Information Security or Management are a plus.

Key Competencies

- Strong risk-based decision-making ability
- Ability to translate regulatory and technical requirements into practical controls
- Excellent communication and stakeholder management skills
- Structured, detail-oriented, and audit-ready mindset
