Deputy General Manager - Global Information Security

18-25 Years

Job Description

1. Job Title

Deputy General Manager (DGM) Cyber Security Governance, Risk, and Compliance (GRC)

2. Role Summary

The Deputy General Manager of Cyber Security GRC is a high-impact leadership position responsible for the strategic design, implementation, and oversight of the enterprise-wide Cyber Security Risk and Governance Framework. Operating within a complex global environment encompassing 10+ product lines and 39+ global locations, this leader serves as the primary custodian of organizational trust, ensuring that security posture is not only compliant with international standards like ISO 27001 and SOC 2 Type II but also aligned with evolving global regulations and business objectives.

This is a business-aligned leadership role that bridges the gap between technical security requirements and executive decision-making. The DGM will orchestrate a sophisticated assurance ecosystem (balancing internal governance, third-party risk, and customer-facing security transparency) to provide the Board and CXOs with a consolidated, intelligence-driven view of the organization's cyber risk profile.

3. Key Responsibilities

Strategic Responsibilities

  • Governance Architecture: Define and evolve the enterprise GRC operating model to support digital products, cloud platforms, and telecom infrastructure.
  • Strategic Alignment: Align the cyber security roadmap with global regulatory shifts (DORA, GDPR, DPDP) and business growth objectives.
  • Business Security & Privacy Office (BSPO): Direct the governance of the BSPO framework to embed security and privacy-by-design across all business units.

Governance & Compliance Responsibilities

  • Multi-Standard Oversight: Lead the end-to-end certification lifecycle for ISO 27001 and SOC 2 Type II across 39 global locations and 10+ product portfolios.
  • Lab & Specialized Environment Governance: Establish and govern compliance frameworks for Lab networks, ensuring technology and process assurance through rigorous auditing.
  • Policy Orchestration: Maintain and enforce the Enterprise Information Security Management System (ISMS), ensuring relevance in a multi-cloud and managed services environment.

Risk Management Responsibilities

  • Enterprise Risk Ownership: Own the Cyber Security Risk Management Framework, overseeing the full lifecycle from identification to executive risk acceptance.
  • Risk Consolidation: Synthesize disparate risk data into a unified enterprise risk register, providing a single pane of glass view for senior management.
  • Quantitative Risk Analysis: Shift risk reporting from qualitative assessments to data-driven, actionable risk intelligence.

Stakeholder & Customer Assurance Responsibilities

  • Customer Trust Leadership: Act as the executive point of contact for customer security assurance, leading responses to complex RFPs, RFIs, and security questionnaires.
  • Sales Enablement: Partner with business development teams to articulate the organization's security value proposition to Tier-1 global clients.

Audit & Regulatory Responsibilities

  • 360-Degree Audit Governance: Manage the execution of 1st-party (internal), 2nd-party (customer/vendor), and 3rd-party (certification/regulatory) audits.
  • Third-Party Risk Management (TPRM): Govern the Security for Suppliers framework to ensure the supply chain adheres to enterprise resilience standards.
  • Regulatory Liaison: Manage interactions with global regulators and legal teams to ensure compliance with critical infrastructure and data protection mandates.

Leadership & Reporting Responsibilities

  • Executive Reporting: Develop and present board-level dashboards, KRIs, and KPIs that translate technical risk into business impact.
  • Cross-Functional Influence: Collaborate with Legal, Procurement, Product Engineering, and IT leadership to drive a culture of accountable governance.

4. Required Qualifications & Experience

  • Experience: 18-25+ years of progressive experience in Information Security, with at least 8 years in a senior GRC leadership capacity within a global enterprise.
  • Education: Bachelor's/Master's degree in Computer Science, Information Technology, or a related field. MBA or advanced management degree is highly preferred.
  • Industry Background: Proven track record in Telecom, Managed Services, Cloud Platforms, or highly regulated global industries.

5. Technical & Regulatory Expertise

  • Framework Mastery: Expert-level knowledge of ISO 27001, SOC 2 Type II, NIST CSF, and Cloud Security principles.
  • Regulatory Command: Deep understanding of GDPR, DORA, India's DPDP Act, and international telecom security regulations.
  • Ecosystem Knowledge: Familiarity with the security challenges of Lab environments, CI/CD pipelines, and hybrid-cloud architectures.

6. Leadership Competencies

  • Executive Presence: Ability to engage and influence CXOs, Board members, and external Regulators.
  • Strategic Vision: Capacity to anticipate industry trends and pivot governance frameworks accordingly.
  • Conflict Resolution: Proven ability to balance stringent security requirements with business agility and speed-to-market.

7. Preferred Certifications

  • Core: CISSP, CISM, or CRISC.
  • Audit/Governance: CISA, ISO 27001 Lead Auditor/Implementer.
  • Cloud/Privacy: CCSK, CCSP, or CIPP/E.

8. Success Indicators / KPIs

  • Zero Critical Non-Conformities: Successful maintenance of all ISO 27001 and SOC 2 certifications across all locations.
  • Assurance Cycle Time: Reduction in lead time for responding to customer security RFPs and audits.
  • Risk Mitigation Efficacy: Measurable improvement in the organization's risk posture through the closure of high-impact risk items.
  • TPRM Maturity: Percentage of critical suppliers verified against the Security for Suppliers framework.
  • Stakeholder Satisfaction: Positive feedback from business unit leaders on the clarity and utility of GRC reporting.

About Company

Tata Communications is a digital ecosystem enabler that powers today’s fast-growing digital economy. We enable the digital transformation of enterprises globally, including 300 of the Fortune 500. We carry around 30% of the world’s internet routes and connect businesses to 60% of the world’s cloud giants.
We have been a part of the rich heritage of the internet in India. Over the last 25 years, enterprise-enabled services have been essential to the adoption of digital services in the country. Connectivity is an essential fabric of sustenance for the economy. We are committed to enabling industry leaders in this New World of Communications™, with our unique promise of delivering secure connected digital experiences.
In 2020, we announced the launch of ‘Secure Connected Digital Experience’ (SCDx), a proposition intended to meet this growing, worldwide demand for new ways of operating, which includes far higher levels of working from home, rising security risks, a shift to digital commerce, and more contactless experiences. It will help companies currently relying on short-term fixes by providing holistic, secure, enterprise-level digital solutions that address current challenges and are fit for the long term.

Job ID: 147723925