SMFG India Credit - Vice President - Cyber Security - Governance/Risk & Compliance

Key Responsibilities:
1. Governance & Policy
- Govern the lifecycle of security exceptions, deviations, compensating controls, and risk sign-offs.
- Oversee and maintain the Policy Exception Management framework and structured repository.
- Ensure policies, standards, and procedures are aligned with regulatory updates and industry best practices.
2. Cyber Risk Management
- Own the enterprise cyber risk taxonomy, KRIs, risk heatmaps, and dashboards aligned with regulatory bodies (e.g., RBI, IRDAI, CERT-In).
- Lead periodic control reviews for high-risk and emerging-risk domains.
- Monitor residual risks, track remediation plans, and drive timely closure with Technology, Security Operations, IT Infrastructure, and Business Units.
- Perform thematic risk reviews, scenario analyses, and maturity assessments against global frameworks (e.g., NIST CSF, ISO 27001, CIS).

3. Compliance & Audit
- Govern and facilitate threat landscape reviews, ensuring controls evolve to mitigate modern attack vectors.
- Manage regulatory reporting and ensure continuous adherence to legal, regulatory, and contractual cyber obligations.
- Act as the Subject Matter Expert for internal and external audits related to cybersecurity risk and governance.
- Ensure timely closure of audit findings and regulatory observations.
4. Incident Response & Business Continuity
- Collaborate with SOC, IR, and Cyber Resilience teams to maintain and enhance incident response and recovery capabilities.
- Provide second-line oversight for business continuity (BCP) and disaster recovery (DR) planning, testing, and assurance.
- Review cyber incident trends, root-cause analyses, and lessons learned.
5. Stakeholder Engagement & Reporting
- Partner with Technology, Legal, Enterprise Risk, Compliance, and Business Units to embed cybersecurity controls and risk practices into business processes.
- Deliver clear, data-driven cyber risk insights and dashboards to senior management, Risk Committees, and Board sub-committees.
- Drive enterprise awareness on cyber risk, regulatory expectations, and governance protocols.
Experience
- Minimum15+ years of total professional experience, with at least 12 years in cybersecurity Governance or cyber risk management.
- Strong experience in the BFSI sector (Banking, Financial Services, Insurance) is highly preferred.
- Hands-on familiarity with regulatory guidelines, cyber risk frameworks, and security technologies.
Skills & Competencies
- Strong understanding of enterprise technology stacks, cloud environments, identity and access management, vulnerability management, and data security controls.
- Deep knowledge of cyber risk methodologies, control frameworks, and security assurance practices.
- Excellent verbal and written communication; ability to simplify complex cyber topics for executive stakeholders.
- Strong governance mindset with the ability to influence, challenge, and drive accountability across all organizational levels.
- Analytical and strategic thinker with robust problem-solving abilities.