Experience Required: 10–15 years in Information Security, IT Infrastructure, Governance, Risk & Compliance (GRC)

Position Overview:

The Deputy Chief Information Security Officer (Dy. CISO) will be responsible for establishing, implementing, and managing the organization’s information security strategy, governance framework, and cybersecurity programs. This includes driving security initiatives across IT infrastructure, cloud environments, applications, and business operations.

The role requires strong expertise in cybersecurity, IT compliance, audits, risk management, vendor governance, and infrastructure security. The Dy. CISO will work closely with senior leadership, department heads, and technology teams to ensure that security controls, policies, and risk frameworks are embedded across the organization.

The Dy. CISO will also lead efforts in incident response, business continuity, network and server security, and regulatory compliance to ensure a robust security posture that aligns with business goals and industry standards.

Key Responsibilities:

1. Information Security Governance & Strategy
- Define, establish, and implement the organization’s information security strategy, policies, and control frameworks.
- Ensure alignment with global standards such as ISO 27001, NIST CSF, SOC 2, GDPR, RBI, CERT-In, or industry-specific regulations.
- Conduct periodic reviews of security posture and drive continuous improvement.
- Lead enterprise-wide security awareness and training initiatives.

2. Risk Management & IT Compliance
- Conduct Information Security Risk Assessments (ISRA) and define mitigation strategies.
- Drive compliance with regulatory, contractual, and industry security requirements.
- Lead internal IT audits and prepare the organization for external audits (ISO, SOC 2, PCI-DSS, etc.).
- Maintain documentation of controls, audit evidence, and compliance dashboards.

3. Security Operations & Incident Response
- Oversee security operations including SIEM monitoring, endpoint protection, threat intelligence, and vulnerability management.
- Establish, maintain, and improve Incident Response Procedures (IRP).
- Lead incident handling, investigations, root cause analysis, and post-incident reporting.
- Coordinate with internal teams and external stakeholders during major incidents.

4. IT Infrastructure & Network Security
- Oversee the security of servers, networks, cloud environments, data centers, and virtual environments.
- Ensure timely patching, hardening, and secure configuration of infrastructure components.
- Manage and optimize firewalls, WAF, IDS/IPS, DLP, EDR, access management, and other security technologies.
- Support secure digitization initiatives (e.g., Zoho, SAP) ensuring compliance with security architecture principles.

5. Asset & Inventory Security Management
- Manage the complete lifecycle of IT assets including procurement, installation, monitoring, and decommissioning.
- Ensure accurate tracking of hardware, software, licenses, and enforce asset security controls.
- Conduct periodic inventory audits and ensure compliance with internal policies.

6. Vendor & Third-Party Security Management
- Evaluate, onboard, and monitor third-party vendors from a security and compliance perspective.
- Review and negotiate SLAs, security clauses, data protection terms, and risk responsibilities.
- Ensure vendors meet performance, security, and compliance requirements.

7. Business Continuity & Disaster Recovery
- Develop, implement, and periodically test Business Continuity Plans (BCP) and Disaster Recovery (DR) frameworks.
- Coordinate backup strategies and ensure secure backup and restoration processes.
- Lead DR drills, review outcomes, and drive improvements.

8. People Leadership & Technical Oversight
- Provide leadership to IT and security teams responsible for infrastructure management and cybersecurity operations.
- Mentor team members, build capabilities, and drive a strong security culture across the organization.
- Guide teams in complex technical troubleshooting and escalate issues as needed.

9. Reporting & Documentation
- Present regular security status reports, risk dashboards, and audit summaries to senior management.
- Maintain documentation for policies, procedures, architecture diagrams, assets, controls, and incidents.
- Track KPIs, KRIs, and compliance metrics for continuous improvement.

Qualifications & Skills:

- Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or equivalent.
- Master’s degree (MBA/Information Security) is a plus.
- 10–15 years of experience in Information Security, IT Infrastructure, Audits, and Compliance.
- Preferred certifications: CISSP, CISM, CISA, ISO 27001 Lead Implementer/Auditor, CEH, CCSP, ITIL, PMP or equivalent.
- Strong understanding of security frameworks (ISO 27001, NIST, CIS Controls).
- Experience in cloud security, vulnerability management, and infrastructure hardening.
- Proven ability to manage multi-vendor environments and large-scale IT/security projects.
- Excellent leadership, communication, and problem-solving skills.

Key Skills

- Information Security Governance
- Cybersecurity Strategy & Leadership
- IT Compliance & Audits
- Risk Management (GRC)
- Security Operations & Incident Response
- IT Infrastructure & Network Security
- Vendor & Asset Management
- Business Continuity & Disaster Recovery
- Team Leadership & Stakeholder Collaboration

Job Title
Deputy Chief Information Security Officer