Chief Information Security officer (CISO)-(PHR/1032/5)

Job Description

Purpose of the Role:

The Chief Information Security Officer (CISO) is responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected. The role involves leading the organization’s cybersecurity initiatives, mitigating risks, and ensuring compliance with regulatory requirements. The CISO will work closely with executive leadership to align security strategy with business objectives, safeguard sensitive data, and strengthen the organization’s overall security posture.

Key Responsibilities (Functional Competencies):

1. Information Security Strategy & Governance

• Develop and implement a comprehensive information security strategy aligned with business objectives.
• Establish policies, procedures, and standards to maintain a robust security posture.
• Ensure security governance frameworks are effectively applied across the organization.

2. Risk Management & Compliance

• Identify, assess, and mitigate information security risks.
• Ensure compliance with relevant regulations and standards (ISO 27001, NIST, GDPR, PCI-DSS).
• Conduct regular audits, assessments, and reporting to senior management.

3. Incident Response & Threat Management

• Lead incident response planning and investigations of security breaches.
• Monitor emerging threats and implement proactive measures to prevent incidents.
• Develop business continuity and disaster recovery plans to safeguard critical assets.

4. Leadership & Team Management

• Lead, mentor, and manage the information security team.
• Promote a security-aware culture throughout the organization.
• Collaborate with IT, legal, and business teams to embed security in processes and projects.

5. Communication & Advisory

• Advise executive leadership and board members on security strategy and investments.
• Report on security metrics, risks, and trends to stakeholders.
• Serve as the organization’s primary point of contact for cybersecurity matters.

Requirements

• Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field (Master’s degree preferred).
• Strong understanding of cybersecurity technologies, threat intelligence, and enterprise risk management.
• Proven leadership and team management experience within cybersecurity or information security functions.
• Ability to think strategically and align information security initiatives with overall business objectives.
• Excellent communication, presentation, and stakeholder management skills.
• Strong analytical, investigative, and problem-solving capabilities.
• Proven track record of managing enterprise-level information security programs.
• Hands-on experience with regulatory compliance requirements and recognized security frameworks (e.g., ISO 27001, NIST, SOC, etc.).
• High level of integrity with the ability to handle sensitive and confidential information.
• Proactive, resilient, and capable of operating effectively in a dynamic and high-risk environment.

Job Type: Full-time

Pay: Rs250,000.00 - Rs500,000.00 per month

Work Location: In person