Chief Information Security Officer (CISO)

indbank global support services limited

Chennai, India

5-7 Years

Save

Posted 19 hours ago
Be among the first 10 applicants

Early Applicant

Job Description

Job Title: Chief Information Security Officer (CISO)

Location: Chennai, Tamil Nadu

Experience

Total IT Experience: 5+ years
Relevant Information Security Experience: 3–5 years
Preferred Domain: BFSI / Banking / Financial Services
Budget – 10-12 LPA.

Reporting To

MD&CEO/ Deputy CEO.
Functional coordination with Parent Bank CISO/ ITD.

Role Overview

The Chief Information Security Officer (CISO) is responsible for establishing, managing, and continuously enhancing the Information Security and Cyber Security posture of the Bank. The role covers security governance, risk management, regulatory compliance, incident response, SOC oversight, and board-level reporting, ensuring alignment with business objectives and regulatory mandates. Responsible for end-to-end information security governance, technical security operations, regulatory compliance, and audit management. This role requires strong hands-on technical capability, combined with the ability to interface with regulators, internal committees, senior management, and the parent bank.

Key Responsibilities

Cybersecurity Risk Management
Identify, evaluate, and report cybersecurity vulnerabilities and risks faced by the Bank.
Ensure timely mitigation and risk treatment planning.
Present emerging cyber threats and residual risks to senior management and the Board.
Information Security Governance
Own and manage Information Security Policies, Procedures, Standards, SOPs, and Guidelines.
Periodic review and updates aligned to:

RBI / CERT-In guidelines
ISO/IEC 27001
Parent bank security policies

Ensure organization-wide policy awareness and compliance.
Security Technology Management (Hands-on)
Email Security

Configuration, monitoring, and tuning (Defender, gateway solutions, anti-phishing, anti-spam).

Firewall & Network Security

Firewall rule management, security hardening, and review.

Endpoint Security

Antivirus / EDR configuration and monitoring.
ManageEngine Endpoint Central administration.

Microsoft Security Stack

Azure Administration.
Entra ID (Azure AD) – IAM, Conditional Access, MFA.
Security baselines and access reviews.

Evaluate, implement, and configure new security tools.
Continuous improvement of existing security tools and configurations.
Ensure group-level policies and directives are implemented locally.
Identity & Access Management
Role-based access control (RBAC).
Privileged access reviews.
User lifecycle management and periodic access audits.
Audit & Compliance Management
Handle internal IT audits and external audits.

RBI / CERT-In.
Statutory Auditors.
Parent Bank Auditors.
IS Audit / ISO audits.

Coordinate audit responses, evidence collection, and closure of findings.
Track and manage audit observations and remediation plans.
Incident Response & CSIRT Management
Coordinate and supervise Cyber Security Incident Response Teams (CSIRT).
Lead Information Security Incident Response Management.
Ensure structured incident detection, investigation, containment, recovery, and closure.
Support forensic investigation and regulatory reporting where applicable.
Stakeholder & Parent Bank Coordination
Act as the primary security SPOC for the Parent Bank.
Regular interaction with Parent Bank CISO for guidance and alignment.
Committee & Board-Level Engagement
Prepare and present security updates for:

IT / IS Committee
Risk Management Committee
Board / Board-level subcommittees

Coordinate with departments of parent bank for new technology, product and process onboarding. Provide clearance to each new process and change management.
Create dashboards, metrics, and executive-level reports.
Provide clear risk-based communication to Committee and Board.
Policy, Strategy & Compliance
Create, maintain, and disseminate:

Information Security Strategy.
Information Security Policies, Standards, Procedures, and Plans.

Ensure compliance with:

Regulatory guidelines.
Legal requirements.
Industry best practices.

Maintain alignment with parent bank / group security policies (where applicable).
Exception & Deviation Management
Assess proposed exceptions / deviations from security policies.
Conduct thorough risk assessments for exceptions.
Submit recommendations and risk acceptance notes to top management / Board for approval.
Security Violations & Investigations
Define and maintain criteria for security violations.
Support investigative processes for violations and incidents.
Ensure corrective and preventive actions are implemented.
Security Architecture & Framework
Design, implement, and maintain a robust Information Security and Cyber Security framework.
Define target security architecture aligned to business growth and digital initiatives.
Ensure scalability, resilience, and regulatory compliance.
Security Awareness & Culture
Oversee development and execution of Information Security Awareness Programs.
Promote a strong security-conscious culture across the organization.
Conduct periodic training for employees, management, and critical stakeholders.
Continuous Improvement & Best Practices
Stay current with: