
Cyber Security Regulatory & Compliance Officer

Workassist
Multiple Locations
4 - 8 Years
Rating: 4.8 (21+ Reviews)

Posted on: 28/01/2026

Job Description

Description : Cybersecurity Regulatory & Compliance Officer

Experience : 4 - 8 Years

Industry : Banking / Financial Services / IT & Information Security

Education : B.Tech in Computer Science, IT, or related field (CISA/CISSP/CISM preferred)

Role Summary :

We are seeking a high-caliber Cybersecurity Regulatory & Compliance Officer to spearhead the alignment of our security operations with global and local regulatory mandates. In this strategic role, you will act as the "Compliance Architect," bridging the gap between technical cybersecurity operations and legal obligations. Your primary focus will be navigating the RBI Master Directions, DPDP Act, and international frameworks like ISO 27001 and NIST.


You will be responsible for translating complex regulatory language into actionable internal controls, managing the closure of audit issues (Internal, External, and Regulatory), and ensuring that "Privacy by Design" is woven into the fabric of our technology stack.

Responsibilities :

- Regulatory Intelligence & Monitoring : Continuously monitor and interpret RBI Master Directions, circulars, and advisories, alongside global frameworks like NIST, PCI-DSS, and CIS Controls.

- Compliance Framework Engineering : Lead the translation of data privacy and cybersecurity laws into technical internal controls and comprehensive risk mitigation strategies.

- Privacy by Design Integration : Embed privacy principles into the development lifecycle of technology and business processes, ensuring alignment with the DPDP (Digital Personal Data Protection) Act.

- Audit Orchestration & Resolution : Collaborate with IT, Security, and Business units to drive the timely closure of all cybersecurity audit observations from internal, external, and regulatory bodies.

- Audit Preparedness : Spearhead the preparation for high-stakes assessments, including ISO 27001 certification, PCI-DSS validation, and RBI thematic audits.

- Regulatory Reporting & Filings : Manage the preparation and submission of mandatory cybersecurity filings, incident reports, and compliance documentation to regulatory authorities.

- Stakeholder Advisory : Provide the CISO and executive leadership with real-time updates on the evolving threat and regulatory landscape to influence strategic security investments.

- Security Awareness Leadership : Design and deliver specialized internal training programs focused on compliance requirements and secure data handling practices.

- VAPT & SOC Oversight : Review findings from Vulnerability Assessments and Penetration Testing (VAPT) and SOC reports to ensure control gaps are identified and remediated in accordance with compliance timelines.

Technical Requirements :

- Framework Mastery : 4+ years of hands-on experience in IT Audit and compliance with ISO 27001, NIST, and PCI-DSS.

- Regulatory Knowledge : Deep understanding of the RBI Cybersecurity Framework and the DPDP Act.

- Audit & VAPT Understanding : Solid grasp of VAPT methodologies and SOC operations to effectively interpret audit evidence.

- Documentation Skills : Proven ability in Audit Reporting and creating high-quality regulatory filings.

Preferred Skills :

- Certifications : CISA, CISM, CISSP, or ISO 27001 Lead Auditor is highly desirable.

- Legal Literacy : Ability to interpret legal terminology in the context of information security.

- Project Management : Experience in managing large-scale compliance transformation projects.

Core Competencies :

- Curiosity & Willingness to Learn : A proactive approach to staying ahead of rapidly changing data privacy laws and cybersecurity threats.

- Initiative & Responsibility : A self-starter who takes ownership of the organization's compliant security posture.

- Responsive Leadership : Ability to work independently and provide rapid responses during regulatory inquiries or emergency audits.

- Communication & Empathy : Strong interpersonal skills to navigate sensitive audit findings with cross-functional teams and build consensus on remediation paths.

