Deputy Chief Information Security Officer - Banking/Financial Services

Job Title: Deputy Chief Information Security Officer (Deputy CISO)

Location: Kolkata, India

Industry: Banking & Financial Services

Experience: 10+ years in Information Security, Cybersecurity, or related fields

About the Job:

We are seeking a highly experienced and strategic Deputy Chief Information Security Officer (Deputy CISO) to join our dynamic team in Kolkata. This role is crucial in supporting the CISO to safeguard the bank's information assets and ensure robust cybersecurity posture in a rapidly evolving digital landscape. The Deputy CISO will play a pivotal role in developing, implementing, and managing the bank's cybersecurity strategy, ensuring compliance with regulatory requirements, and leading the incident response and threat management efforts. This position requires a strong leader with deep technical expertise, excellent communication skills, and a proven track record in the banking and financial services industry.

Key Responsibilities:

Strategic Security Management:

- Assist the CISO in defining, developing, and implementing the bank's comprehensive cybersecurity strategy aligned with business objectives.

- Ensure alignment with all relevant regulatory guidelines (RBI, SEBI, CERT-In, etc.) and global security standards (ISO 27001, NIST, PCI-DSS).

- Develop, maintain, and enforce bank-wide security policies, procedures, and frameworks to protect information assets.

- Contribute to the strategic planning and budgeting for cybersecurity initiatives.

Risk Management & Compliance:

- Conduct comprehensive risk assessments, vulnerability testing, and penetration testing to identify and mitigate potential security threats.

- Oversee and manage security audits, ensuring compliance with regulatory requirements and industry best practices.

- Lead the third-party risk management process, including vendor security evaluations and due diligence.

- Ensure strict adherence to the RBI cybersecurity framework, banking industry security regulations, and other relevant compliance standards.

Incident Response & Threat Management:

- Lead and manage the Security Operations Center (SOC) team, ensuring effective monitoring, detection, and response to security incidents.

- Develop and maintain incident response plans, conduct regular cyber drills, and coordinate post-incident analysis.

- Collaborate with law enforcement agencies and regulatory bodies in the event of security breaches and investigations.

- Maintain awareness of emerging threats and vulnerabilities, and proactively implement mitigation strategies.

Technology & Security Implementation:

- Oversee the deployment, management, and maintenance of critical security infrastructure, including firewalls, IDS/IPS, endpoint security, and encryption tools.

- Evaluate and implement new and emerging security technologies, such as SIEM, SOAR, Zero Trust Architecture, and threat intelligence platforms.

- Ensure the security of cloud computing environments, mobile banking platforms, and fraud prevention systems.

- Provide guidance and oversight for secure software development practices.

Leadership & Training:

- Develop and deliver comprehensive cybersecurity awareness training programs for employees and stakeholders.

- Manage, mentor, and develop the security team, fostering a culture of continuous improvement and excellence.

- Collaborate effectively with IT, risk, compliance, legal, and other relevant teams to strengthen cybersecurity governance and promote a security-first culture.

- Present security related information to senior management.

Qualifications & Skills:

Educational Requirements:

- Master's degree in Cybersecurity, Computer Science, Information Technology, or a related field.

- Bachelor's degree in similar fields also required.

- Additional certifications such as CISSP, CISM, CISA, CEH, CRISC are highly preferred.

Technical & Functional Expertise:

- Minimum of 10+ years of progressive experience in information security, cybersecurity, or related fields within the banking and financial services industry.

- Deep understanding of banking security regulations, digital banking risks, and fraud detection techniques.

- Extensive experience with SIEM, endpoint security, IAM, DLP, and cloud security solutions.

- Strong knowledge of network security, encryption, secure software development, and threat intelligence.

- Proven ability to manage and lead security teams and projects.

Soft Skills:

- Exceptional leadership and stakeholder management skills.

- Ability to effectively handle high-pressure security incidents and make sound decisions under pressure.

- Excellent communication, presentation, and interpersonal skills.

- Strong analytical and problem-solving abilities.

- Strategic thinking and the ability to translate technical concepts into business terms.

- Ability to work independently and as part of a team.