Chief Information Security Officer

Role Objective:

The incumbent will work closely with the Group Chief Information Security Officer and Country Manager India in efficient formulation, implementation and management of the Bank's information security policy(s) and compliance programs pertaining to India Operations. The incumbent will ensure efficient management of Information Security Governance, in line with the Reserve Bank of India and other statutory / regulatory bodies governing our India operations.

The job holder will coordinate and execute the information security management system program (ISMS), Security operations, VAPT program, Red team program, Update RBI Daksh portal returns before deadline and Cyber security Framework implementation. The job holder will also ensure that risk management needs in relation to information security, including but not limited to incident response, access control, business continuity and disaster recovery are duly and promptly

addressed. This role requires extensive coordination and teamwork with inter and intra department officials.

Detailed

Roles and Responsibilities:

· Responsible for all cyber security governance framework along with other activities related to information and cyber security aspects as per the directions from Group Chief Information Security Officer.

· Contribute towards formulation of annual strategies, policies, and procedures of the Information Security Section, to support divisional and organizational business strategy.

· Ensure that the Information Security plans are within agreed budgets and timescales. Assist the Country Manager & Group Chief Information Security Officer in preparing/providing timely, accurate and complete progress reports to the Management reviews, RBI, IBA, IDRBT, CERT-In, CSITE etc.

· Update self on the IT/security industry trends, new solutions and techniques, as well as emerging threats and regulatory requirements/changes set by QCB and other relevant government bodies, and suggest adequate changes in the section, including but not limited to staffing of employees, department deliverables etc.

· Develop and maintain robust working relationships with internal/external stakeholders of Doha Bank to facilitate functional / operational/ strategic needs.

· Develop and maintain various performance monitoring check lists as required by ISO
27001 /RBI Cyber security Framework for IT and other operations.

· Responsible for managing RBI - CSITE advisories, circulars, policy development, security operation centre (SOC), vulnerability assessment and penetration testing etc.

· Member of Bank’s India Management Committee and Risk Management Committee where information security related risks, gaps and remedial measures are discussed and tabled.

Essential Qualifications and

Experience:

- Full-time master’s degree in computer science, Information Technology, Electronics & Telecommunications, Electrical/Electronics Engineering, or MCA from a recognized university.
- Professional certifications such as CISSP, CISM, CISA, ISO 27001 Lead Auditor/Implementer are highly desirable.
- 10-15 years of overall IT experience, with 5–7 years in Information Security leadership roles.
- Strong knowledge of Information Security Management Systems (ISMS).
- Hands-on experience with Vulnerability Assessment & Penetration Testing (VAPT), and incident response frameworks.
- Familiarity with RBI’s Cyber Security Framework and experience in formulating and implementing information security policies in line with RBI and other statutory/regulatory requirements.
- Expertise in risk management, access control, business continuity, and disaster recovery planning.