Cyber Security Manager – Job Description
- Acts as a direct report to the CISO and supports the CISO in defining, executing, and maturing the organization's cyber security strategy.
- Assists the CISO in aligning cyber security initiatives with business objectives, regulatory expectations, and risk appetite.
- Leads the implementation and ongoing management of the organization's information security governance framework aligned with ISO 27001, regulatory guidelines, and internal policies.
- Drives enterprise-wide information security risk assessments, threat evaluations, and risk treatment plans.
- Develops, reviews, and maintains information security policies, standards, procedures, and baselines.
- Ensures compliance with applicable regulations such as the Master Directions from RBI and other regulator-issued cyber security / IT risk guidelines, and applicable data protection requirements.
- Serves as a key contributor during regulatory examinations, supervisory reviews, and external audits, including closure of observations and remediation tracking.
- Oversees IT General Controls (ITGC), security control testing, and audit readiness on a continuous basis.
- Provides oversight for security operations, including:
  - Security monitoring and incident detection
  - Incident response coordination and root-cause analysis
  - Vulnerability management and penetration testing programs
- Ensures timely escalation, communication, and reporting of significant cyber security incidents to senior management and the CISO.
- Oversees and coordinates Business Continuity Planning (BCP) and Disaster Recovery (DR) activities, including:
  - Review and maintenance of BCP/DR policies and plans
  - Participation in periodic BCP/DR drills and testing
  - Tracking issues, corrective actions, and reporting outcomes to management
- Supports IT outsourcing governance, including:
  - Reviewing security requirements for outsourced IT and cloud services
  - Ensuring outsourcing arrangements meet regulatory and internal cyber security expectations
- Assists in third-party and vendor risk management, including:
  - Conducting and reviewing vendor security risk assessments
  - Evaluating security controls of critical service providers
  - Supporting contract reviews, SLAs, and ongoing vendor security monitoring
- Drives information security awareness and training programs across the organization.
- Advises business and technology teams on secure system design, data protection, and secure operations.
- Prepares and presents cyber security risk posture, metrics, audit status, and incident summaries to senior management and relevant forums.
- Collaborates closely with Legal, Compliance, Internal Audit, IT, and Business teams to ensure coordinated risk management.
- Keeps abreast of evolving cyber threats, regulatory developments, and industry best practices relevant to financial data and credit information ecosystems.
Certifications (Preferred / Required)
- CISA and/or CISM (strongly preferred)
- ISO 27001 Lead Implementer/Auditor or equivalent (nice to have)
- Other relevant certifications (CISSP, CRISC) are a plus.
Education
- Bachelor's degree in Engineering, Computer Science, Information Technology, or equivalent.
- Postgraduate qualifications in Information Security or Management are a plus.
Key Competencies
- Strong risk-based decision-making ability
- Ability to translate regulatory and technical requirements into practical controls
- Excellent communication and stakeholder management skills
- Structured, detail-oriented, and audit-ready mindset