Role Description
We are seeking a cyber security professional who is responsible for providing strategic and technical leadership across cybersecurity engineering, architecture, and governance functions.
This position ensures the design, implementation, and oversight of robust security controls while driving adoption of new security technologies through structured evaluations and proof-of-concepts.
The role plays a critical part in strengthening the organizations cyber resilience by governing SOC operations, vulnerability management programs, cyber drills, and continuous monitoring of the external attack surface and brand threats.
It also ensures strong alignment with regulatory and audit requirements, including SEBI and ISO standards, while serving as a key stakeholder interface for senior management, auditors, and regulators.
Key Responsibilities
- Design, review and govern enterprise-wide security architectures across on-prem, cloud, and hybrid environments.
- Evaluate, implement and optimize security technologies aligned with organizational risk posture.
- Drive security design reviews for new applications, infrastructure and platforms.
- Lead evaluation of emerging security technologies through structured POCs.
- Assess effectiveness, scalability and regulatory compliance of new security solutions.
- Provide recommendations for technology adoption and roadmap alignment.
- Establish and enforce cybersecurity governance frameworks, standards and control baselines.
- Ensure alignment of security controls with business, regulatory and risk requirements.
- Provide oversight on security deviations, exceptions, and risk acceptance.
- Own and manage enterprise vulnerability assessment and remediation programs.
- Oversee internal and external VA/PT activities and track remediation metrics.
- Ensure timely closure of vulnerabilities based on risk prioritization.
- Provide governance oversight for SOC operations, monitoring effectiveness and incident response readiness.
- Define KPIs, SLAs and reporting mechanisms for SOC performance.
- Plan and conduct periodic cyber security drills, tabletop exercises and simulated attack scenarios.
- Oversee external attack surface monitoring to identify exposed assets and potential threats.
- Manage brand monitoring programs to detect phishing, impersonation, and reputation risks.
- Coordinate with internal and external stakeholders for mitigation actions.
- Ensure compliance with SEBI cybersecurity and cyber resilience requirements.
- Lead and support ISO 27001 compliance and risk assessments.
- Interface with auditors, regulators and internal stakeholders for assessments and closures.
Qualifications And Experience
- 12 to 15 years of progressive experience in cybersecurity, including security engineering, architecture, governance, risk management, and audit.
- Proven experience in designing and governing enterprise security architectures and leading complex security initiatives.
- Strong hands-on and governance experience across vulnerability management, SOC oversight, incident response, and cyber resilience programs.
- In-depth understanding of regulatory and compliance requirements, particularly SEBI cybersecurity frameworks and ISO 27001, ISO 27005, and ISO 31000 standards.
- Demonstrated ability to lead cross-functional teams and engage effectively with senior stakeholders, auditors, and regulators.
- Bachelors or Masters degree in Engineering, Computer Science, Information Security, or a related discipline.
- Professional certifications such as CISSP, CISM, CCSP, ISO 27001 Lead Auditor/Implementer, or equivalent are highly desirable.
(ref:hirist.tech)
