Back to Jobs
General Manager - Cybersecurity Governance, Resilience and Cyber Trust
Actively Reviewing
BharatPe
Job Description
Role : Cybersecurity Governance, Resilience and Cyber Trust
Key Responsibilities
- Creating the vision and roadmap for the GRC program, to be a business enabler
- Partner with Cyber Security, Technology, Infrastructure, Cloud, Dev and Business teams to strengthen cyber recovery capabilities.
- Setup GRC organization including Risk, Compliance, Audit, TPRM, Policy, Cyber Resilience (BCP/DR) and AI Governance functions
- Define and execute the enterprise GRC strategy aligned to cybersecurity and business objectives
- Establish governance frameworks, policies, standards, and operating models
- Provide executive reporting to CISO, senior leadership, and Board-level committees on risk posture and compliance status
Risk Management (Cyber & IT Risk)
- Own the Cybersecurity area within the Enterprise Risk Management (ERM) program including risk identification, assessment, mitigation, and reporting
- Maintain and govern the centralized risk register and ensure timely updates across BUs
- Define risk appetite, tolerance, and escalation mechanisms
- Facilitate risk-based decision-making processes including Policy exception and risk acceptance processes and criteria.
- Compliance & Regulatory Management
- Ensure compliance with global and regional regulatory requirements (e.g., ISO27001, ISO22301, ISO42001, PCI-DSS, PCI-PIN, PCI P2PE as applicable)
- Govern adherence to industry standards and certifications:
- ISO 27001, ISO 22301, ISO 42001 and ISO 9000
- SOC 1 Type II, SOC 2 Type II
- NIST, PCI-DSS and other regional certifications
- Oversee internal controls design, testing, and remediation tracking
- Act as the primary escalation point for compliance risks and audit findings
- Drive continuous improvement of GRC maturity leveraging frameworks such as NIST CSF and ISO 27001
Audit & Assurance
- Lead enterprise risk assessments, third-party/vendor risk, and operational resilience programmes (DORA-aligned where serving global BFSI clients).
- Provide executive oversight for:
- Internal audits (IA), external audits, and regulatory reviews
- Audit planning, execution coordination, and closure of findings
- Govern audit partner relationships and ensure audit readiness across the organization
- Ensure effective remediation and closure of audit findings within defined timelines
- Run internal and external audit cycles end-to-end; maintain a zero-major-finding audit posture.
Third-Party Risk Management (TPRM)
- Lead the enterprise TPRM program including:
- Risk assessments of suppliers and partners
- Security clauses in supplier contracts
- Partner with Procurement, Legal, and Privacy functions
- Ensure continuous monitoring of third-party risk posture through Security Rating tools
Policy, Standards & Control Framework
- Establish and maintain corporate information security policies, standards, and procedures
- Ensure alignment with control frameworks (ISO, RBI, PCI)
- Govern policy lifecycle management, including annual reviews, approvals, updates, and awareness.
- Own and continuously mature the ISMS is aligned to ISO 27001:2022, SOC 2 Type II, PCI-DSS v4.0, NIST CSF 2.0 and the RBI Cyber Security Framework for Banks/NBFCs/UCBs.
- Ensure compliance with the DPDP Act 2023, GDPR (where applicable), HIPAA (if health-finance overlap), and emerging AI/ML governance norms.
Security Awareness & Culture
- Provide executive sponsorship to Security Awareness & Training programs
- Ensure alignment of training with risk landscape and organizational priorities
- Monitor effectiveness through metrics, reporting, and behavioral risk reduction
AI Security
- Define and drive enterprise AI security strategy and roadmap.
- Define and run our AI security program for ML, generative-AI, and agent-based systems.
- Address AI-specific threats — prompt injection, training-data poisoning, model misuse, and data leakage.
- Work to NIST AI Risk Management Framework principles, regulator issued frameworks (RBI FREE), CERT and govern the AI model lifecycle.
- Establish AI governance framework, standards, and security guardrails for AI development and consumption.
- Develop AI acceptable use policies and secure AI adoption guidelines for employees and vendors/partners.
- Define AI risk classification and review mechanisms, including intake, exception handling, and approvals.
- Establish AI security review and approval processes for new AI use cases, models, and integrations.
- Conduct AI security and risk assessments for enterprise AI initiatives and high-impact use cases.
- Assess risks related to GenAI, LLMs, APIs, plugins, agents, and AI integrations (including third-party AI services).
- Identify and manage risks such as data leakage, prompt injection, insecure output handling, model misuse, and shadow AI adoption.
- Align AI controls with enterprise security, privacy, and compliance requirements.
- Support compliance alignment with ISO 27001, PCI DSS, privacy regulations, and emerging AI regulations.
Business Continuity and Disaster Recovery
- Lead Business Continuity, Disaster Recovery, and Cyber Resiliency programs across the organization.
- Define, implement and test Business Continuity and Disaster recovery plans across the defined scope of the enterprise.
- Work closely with the Enterprise Resilience team to align Business Continuity Plans with Corporate Crisis Management plans
- Drive Business Impact Assessments (BIA), risk assessments, and recovery planning.
- Develop and enhance crisis management frameworks, response plans, and recovery playbooks.
- Lead enterprise-wide crisis response during cyber incidents, technology outages, and other major disruptions.
- Conduct resilience testing, disaster recovery exercises, and cyber recovery simulations.
- Support client audits, regulatory reviews, and resilience assurance activities.
- Identify and mitigate operational and technology-related single points of failure.
Business & Client Engagement
- Support client security assurance activities:
- Security questionnaires
- Contract and security exhibit reviews
- Act as executive point of contact for key customers on security governance matters
Metrics, Reporting & Governance
- Define KPIs/KRIs for all domains of GIS and report out through Monthly automated dashboards.
- Lead governance forums such as: Risk Review Boards and Policy Exception Review Committees
- Drive data-driven decision making and transparency across stakeholders
Desired Profile
- 14–25+ years in IT / Information Security with:
- 12+ years in cybersecurity
- 8+ years in GRC leadership roles
- Preferable with experience in the BFSI, Fintech, or SaaS/Product organizations
- Strong experience across:
- Risk management, audit, compliance, and policy frameworks
- Enterprise-scale GRC program leadership
- Prior experience interacting with:
- Executive leadership (CISO, CIO, COO, Risk Committee)
- Regulators and external auditors
- Experience in Information Security Management Crisis Management, Cyber Resiliency with Strong understanding of frameworks like ISO 22301, BCM lifecycle, Disaster Recovery, and Cyber Recovery frameworks.
- Experience working closely with Information Security, SOC, Incident Response, and Technology teams.
- Proven ability to manage high-impact incidents and enterprise-wide crisis situations.
- Excellent stakeholder management and executive communication skills.
Required Skills
Similar Jobs
View all →
Senior AI Defense Engineer
WilmerHale
ISO 45001
Machine Learning
Retrieval-Augmented Generation
+10
Technical Product Manager
MetricStream
Bengaluru
ISO 45001
ISO 27001
Compliance frameworks
+11
Risk Consulting - Digital Risk - Manager - Cyber
EY
Coimbatore
ISO 45001
ISO 27001
Machine Learning
+5
Fractional CISO (Regulated SaaS)
Verixa
Coimbatore
ISO 45001
ISO 27001
Adobe Illustrator
+2
GDS Cyber - AI Driven IAM - Senior
EY
Kochi
Machine Learning
OAuth 2.0
ISO 27001
+21
Share
Quick Apply
Upload your resume to apply for this position
–