As the Chief Information Security Officer (CISO) for HugoBank, a cloud-native digital bank operating in Pakistan, you will play a pivotal leadership role in safeguarding the bank's digital ecosystem. The CISO is responsible for defining and executing the enterprise information security strategy, managing cyber and technology risks, and ensuring compliance with applicable regulatory and supervisory requirements. This role ensures the confidentiality, integrity, and availability of customer data, critical systems, and bank assets across cloud (AWS), on-premises, and third-party environments.
DUTIES & RESPONSIBILITIES:
Information Security Strategy & Governance
- Define and execute the bank's enterprise information security strategy and governance framework, ensuring alignment with business objectives, cloud-native architecture, and regulatory requirements
- Provide oversight and reporting of information security risks, controls, and posture to senior management and the Board, embedding security into enterprise risk management and decision-making
Risk Management & Compliance
- Identify, assess, and prioritize security risks, implementing measures to mitigate vulnerabilities
- Ensure ongoing compliance with applicable regulatory, legal, and industry requirements, and act as the primary interface for information security matters with regulators, auditors, and internal risk and compliance functions
Security Operations
- Oversee day-to-day security operations including incident response, threat detection, and vulnerability management
- Develop and maintain an incident response plan to ensure timely and effective handling of security incidents or breaches
Security Architecture & Vendor Management
- Define and govern the bank's security architecture, ensuring secure-by-design controls across cloud-native platforms, applications, infrastructure, and data environments
- Oversee third-party and vendor security risk management, including due diligence, onboarding, continuous monitoring, and contractual security obligations for critical and outsourced services
Security Awareness & Culture
- Promote a culture of security awareness through training and communication, embedding security responsibility across the organization
Budget & Resource Management
- Manage the cybersecurity budget, ensuring efficient allocation and utilization of resources
Access Management & Controls
- Define and enforce access management policies, including user provisioning, de-provisioning, and privileged access controls
- Implement and maintain a trusted software list, regularly reviewing and updating controls
- Evaluate employee software requests and ensure all tools meet internal security standards
Security Tools & Evolving Ecosystem
- Define and continuously evolve the bank's information security tooling and platforms (e.g., IAM, SIEM/SOC, EDR/XDR, PAM, DLP, cloud security, application security), ensuring effective coverage, integration, and scalability as the bank grows
ROLE RELATIONSHIP:
Internal
- Executive Leadership
- IT and Operations Teams
- Compliance and Risk Management
- Internal Audit
External
- Regulatory Authorities (SBP)
- Security Vendors and Consultants
- Third-Party Partners & Auditors
Requirements
- Bachelor's or Master's degree in Information Security, Cybersecurity, or a related field
- Industry certifications such as CISSP, CISM, or CISA are highly desirable
- Minimum 15 years of experience in Information Security or related domains
- Proven leadership experience in senior information security roles, preferably in the financial sector
- In-depth knowledge of cybersecurity principles, technologies, and regulatory frameworks
- Banking or FinTech experience preferred