Bestkaam Logo
Back to Jobs
BharatPe

General Manager - Cybersecurity Governance, Resilience and Cyber Trust

Actively Reviewing

BharatPe

Gurugram Full-Time 4–8 yrs exp Posted 9 hours ago  · Apply by Sep 14, 2026

Role : Cybersecurity Governance, Resilience and Cyber Trust

Key Responsibilities

  • Creating the vision and roadmap for the GRC program, to be a business enabler
  • Partner with Cyber Security, Technology, Infrastructure, Cloud, Dev and Business teams to strengthen cyber recovery capabilities.
  • Setup GRC organization including Risk, Compliance, Audit, TPRM, Policy, Cyber Resilience (BCP/DR) and AI Governance functions
  • Define and execute the enterprise GRC strategy aligned to cybersecurity and business objectives
  • Establish governance frameworks, policies, standards, and operating models
  • Provide executive reporting to CISO, senior leadership, and Board-level committees on risk posture and compliance status


Risk Management (Cyber & IT Risk)

  • Own the Cybersecurity area within the Enterprise Risk Management (ERM) program including risk identification, assessment, mitigation, and reporting
  • Maintain and govern the centralized risk register and ensure timely updates across BUs
  • Define risk appetite, tolerance, and escalation mechanisms
  • Facilitate risk-based decision-making processes including Policy exception and risk acceptance processes and criteria.
  • Compliance & Regulatory Management
  • Ensure compliance with global and regional regulatory requirements (e.g., ISO27001, ISO22301, ISO42001, PCI-DSS, PCI-PIN, PCI P2PE as applicable)
  • Govern adherence to industry standards and certifications:
  • ISO 27001, ISO 22301, ISO 42001 and ISO 9000
  • SOC 1 Type II, SOC 2 Type II
  • NIST, PCI-DSS and other regional certifications
  • Oversee internal controls design, testing, and remediation tracking
  • Act as the primary escalation point for compliance risks and audit findings
  • Drive continuous improvement of GRC maturity leveraging frameworks such as NIST CSF and ISO 27001


Audit & Assurance

  • Lead enterprise risk assessments, third-party/vendor risk, and operational resilience programmes (DORA-aligned where serving global BFSI clients).
  • Provide executive oversight for:
  • Internal audits (IA), external audits, and regulatory reviews
  • Audit planning, execution coordination, and closure of findings
  • Govern audit partner relationships and ensure audit readiness across the organization
  • Ensure effective remediation and closure of audit findings within defined timelines
  • Run internal and external audit cycles end-to-end; maintain a zero-major-finding audit posture.


Third-Party Risk Management (TPRM)

  • Lead the enterprise TPRM program including:
  • Risk assessments of suppliers and partners
  • Security clauses in supplier contracts
  • Partner with Procurement, Legal, and Privacy functions
  • Ensure continuous monitoring of third-party risk posture through Security Rating tools


Policy, Standards & Control Framework

  • Establish and maintain corporate information security policies, standards, and procedures
  • Ensure alignment with control frameworks (ISO, RBI, PCI)
  • Govern policy lifecycle management, including annual reviews, approvals, updates, and awareness.
  • Own and continuously mature the ISMS is aligned to ISO 27001:2022, SOC 2 Type II, PCI-DSS v4.0, NIST CSF 2.0 and the RBI Cyber Security Framework for Banks/NBFCs/UCBs.
  • Ensure compliance with the DPDP Act 2023, GDPR (where applicable), HIPAA (if health-finance overlap), and emerging AI/ML governance norms.


Security Awareness & Culture

  • Provide executive sponsorship to Security Awareness & Training programs
  • Ensure alignment of training with risk landscape and organizational priorities
  • Monitor effectiveness through metrics, reporting, and behavioral risk reduction


AI Security

  • Define and drive enterprise AI security strategy and roadmap.
  • Define and run our AI security program for ML, generative-AI, and agent-based systems.
  • Address AI-specific threats — prompt injection, training-data poisoning, model misuse, and data leakage.
  • Work to NIST AI Risk Management Framework principles, regulator issued frameworks (RBI FREE), CERT and govern the AI model lifecycle.
  • Establish AI governance framework, standards, and security guardrails for AI development and consumption.
  • Develop AI acceptable use policies and secure AI adoption guidelines for employees and vendors/partners.
  • Define AI risk classification and review mechanisms, including intake, exception handling, and approvals.
  • Establish AI security review and approval processes for new AI use cases, models, and integrations.
  • Conduct AI security and risk assessments for enterprise AI initiatives and high-impact use cases.
  • Assess risks related to GenAI, LLMs, APIs, plugins, agents, and AI integrations (including third-party AI services).
  • Identify and manage risks such as data leakage, prompt injection, insecure output handling, model misuse, and shadow AI adoption.
  • Align AI controls with enterprise security, privacy, and compliance requirements.
  • Support compliance alignment with ISO 27001, PCI DSS, privacy regulations, and emerging AI regulations.


Business Continuity and Disaster Recovery

  • Lead Business Continuity, Disaster Recovery, and Cyber Resiliency programs across the organization.
  • Define, implement and test Business Continuity and Disaster recovery plans across the defined scope of the enterprise.
  • Work closely with the Enterprise Resilience team to align Business Continuity Plans with Corporate Crisis Management plans
  • Drive Business Impact Assessments (BIA), risk assessments, and recovery planning.
  • Develop and enhance crisis management frameworks, response plans, and recovery playbooks.
  • Lead enterprise-wide crisis response during cyber incidents, technology outages, and other major disruptions.
  • Conduct resilience testing, disaster recovery exercises, and cyber recovery simulations.
  • Support client audits, regulatory reviews, and resilience assurance activities.
  • Identify and mitigate operational and technology-related single points of failure.


Business & Client Engagement

  • Support client security assurance activities:
  • Security questionnaires
  • Contract and security exhibit reviews
  • Act as executive point of contact for key customers on security governance matters


Metrics, Reporting & Governance

  • Define KPIs/KRIs for all domains of GIS and report out through Monthly automated dashboards.
  • Lead governance forums such as: Risk Review Boards and Policy Exception Review Committees
  • Drive data-driven decision making and transparency across stakeholders


Desired Profile

  • 14–25+ years in IT / Information Security with:
  • 12+ years in cybersecurity
  • 8+ years in GRC leadership roles
  • Preferable with experience in the BFSI, Fintech, or SaaS/Product organizations
  • Strong experience across:
  • Risk management, audit, compliance, and policy frameworks
  • Enterprise-scale GRC program leadership
  • Prior experience interacting with:
  • Executive leadership (CISO, CIO, COO, Risk Committee)
  • Regulators and external auditors


  • Experience in Information Security Management Crisis Management, Cyber Resiliency with Strong understanding of frameworks like ISO 22301, BCM lifecycle, Disaster Recovery, and Cyber Recovery frameworks.
  • Experience working closely with Information Security, SOC, Incident Response, and Technology teams.
  • Proven ability to manage high-impact incidents and enterprise-wide crisis situations.
  • Excellent stakeholder management and executive communication skills.