Kotak Mahindra Bank

Deputy Chief Information Security Officer-SUPPORT SERVICES-Information Risk Management Team

Kotak Mahindra Bank  •  Mumbai, IN (Onsite)  •  2 days ago

Job Description

Deputy Chief Information Security Officer (Deputy CISO)

Kotak Mahindra Bank Limited
(Banking & Regulatory Experience – Mandatory)

Location

Mumbai

Reporting Line

  • Reports to: Chief Information Security Officer (CISO)
  • Governance interfaces:
    • Senior Management IT Steering Committee
    • Board-level IT Strategy Committee (via CISO)
    • Risk, Compliance, Internal Audit, Technology Leadership

Role Purpose

The Deputy CISO supports the CISO in managing the bank’s cybersecurity, technology risk, resilience, and regulatory compliance obligations, while providing leadership over specialized functional areas (GRC / SOC / IR).

The role ensures that Kotak’s cyber security posture meets RBI’s stringent expectations, global banking best practices, and resilience requirements for high-volume, high-availability digital banking.


Mandatory Experience Requirement

The candidate must meet ALL of the following:

Banking Sector Experience (Mandatory)

  • Must have worked in a leading foreign bank OR major Indian bank.
  • Experience must include multi‑country or large-scale India operations, with exposure to complex banking platforms (digital channels, payments, core banking, lending, cards).

Regulatory Management Experience (Mandatory)

  • Must have directly managed regulatory interfaces, including:
    • RBI inspections (IT, Cyber, Digital, Outsourcing, Supervision)
    • Responses to RBI notices, supervisory letters, thematic reviews
    • Handling CERT-In obligations, breach reporting, and security advisories
    • Engagement with NPCI, UIDAI, SEBI, IRDAI, and other ecosystem regulators, where applicable
  • Must have led regulatory remediation programs, ensuring timely closure of observations.

Core Responsibilities (Applicable Across Both Deputy CISO Tracks: GRC + SOC/IR)

1. Cyber Governance & Risk Oversight

  • Implement the enterprise IT & Information Security Risk Framework across businesses and technology.
  • Ensure cyber risks are identified, assessed, mitigated, and escalated appropriately.
  • Prepare and review Board‑level dashboards, KRIs, and risk summaries.

2. Regulatory Compliance & Examination Management

  • Lead readiness for:
    • RBI IT Governance & Cyber Security guidelines
    • RBI supervisory audits and thematic reviews
    • External audits and IS audits
  • Draft responses, coordinate evidence, and support the CISO in supervisory meetings.
  • Track regulatory action items and ensure sustainable closure.

3. Business Continuity & Resilience

  • Ensure cyber risks are embedded into BCP/DR strategy, testing, and execution.
  • Work with Technology and Operations teams to ensure robust, tested recovery capabilities.

4. Third‑Party & Outsourcing Security Governance

  • Oversee cyber assessment and monitoring of critical vendors, cloud partners, fintech, and outsourced service providers.
  • Ensure compliance with RBI outsourcing directives and contractual controls.

5. Leadership, Stakeholder Management & Communication

  • Engage senior management, technology heads, and business leaders on cyber risk topics.
  • Prepare briefing notes for MD & CEO, Board, audit committees, and regulators.
  • Mentor security teams and uplift cyber maturity across the bank.

Candidate Profile

Experience

  • 14–20 years in information security, cyber risk, technology risk, or cyber defence — major BFSI experience mandatory
  • Experience in at least one foreign bank or major Indian bank is essential.
  • Must have direct regulator-handling experience (RBI, CERT-In, NPCI, etc.).
  • Must have managed complex cyber/security programs at scale.

Education & Certifications (Preferred)

  • Engineering/Computer Science background
  • CISSP / CISM / CRISC
  • GIAC certifications (GCIH / GCIA / GCFA / GCED) for technical track
  • ISO 27001 Lead Auditor / Implementer
  • ITIL / COBIT for governance-heavy roles

Leadership Traits

  • Mature regulatory judgment
  • High executive presence
  • Strong crisis leadership (especially for incidents)
  • Ability to influence CXOs, auditors, and regulators
  • Clear communicator for Board- and regulator-level interactions

About Kotak Mahindra Bank

About Kotak Mahindra Group:

Established in 1985, the Kotak Mahindra Group is one of India’s leading financial services conglomerates. In February 2003, Kotak Mahindra Finance Ltd. (KMFL), the Group’s flagship company, received a banking license from the Reserve Bank of India (RBI). With this, KMFL became the first non-banking finance company in India to become a bank – Kotak Mahindra Bank Limited.

The consolidated balance sheet of Kotak Mahindra Group is over 1 lakh crore and the consolidated net worth of the Group stands at 13,943 crore (approx US$ 2.6 billion) as on September 30, 2012.

The Group offers a wide range of financial services that encompass every sphere of life. From commercial banking, to stock broking, mutual funds, life insurance and investment banking, the Group caters to the diverse financial needs of individuals and the corporate sector. The Group has a wide distribution network through branches and franchisees across India, and international offices in London, New York, California, Dubai, Abu Dhabi, Bahrain, Mauritius and Singapore. For more information, please visit the company’s website at https://www.kotak.bank.in/en/home.html

  • Industry: Finance & Insurance
  • Company Size: 10,000+ employees
  • Headquarters: Mumbai, IN
  • Year Founded: 1985
  • Website: kotak.com