STC UP CISO Recruitment 2026

About This Job

State Transformation Commission, Uttar Pradesh (STC UP) is hiring 1 Chief Information Security Officer (CISO) for the State Data Authority in Lucknow. If you are a senior cybersecurity professional with a Master's degree and 12-15+ years of experience in SOC, audits, networks, cloud security or governance, you can apply by email. The official vacancies page does not show a closing date, so you should check the page and apply early. Monthly pay for Senior Consultant roles is Rs. 2,55,000 to Rs. 3,30,000 as per the attached STC guidelines.

State Transformation Commission UP CISO Recruitment 2026 - 1 Post

State Transformation Commission, Uttar Pradesh is recruiting a CISO under the State Data Authority. The role reports to the Chief Executive Officer, STC UP and works closely with the Chief Technology Officer and Chief Data Officer. This is a senior cybersecurity leadership role focused on protecting government data, citizen information and critical digital systems.

The CISO will not work as a narrow technical support role. The official job description makes it a state-level cyber governance role, covering policy, security architecture, risk, incident response, audits, privacy and department-wide capacity building. The person selected should be able to work with senior government teams, vendors, technology officers and department nodal officers.

Who Can Apply?

Qualification and Experience

• Qualification: You should be a senior cybersecurity professional or technocrat with a strong cyber background and Master's degree.
• Experience: You need about 12-15+ years in information security, SOC, audits, networks, cloud security or cybersecurity governance.
• System exposure: Experience in large-scale enterprise or government systems is important for this role.
• General consultant qualification: STC guidelines also accept relevant Master's degree, B.E./B.Tech, 2-year PG Diploma in Management or other listed professional qualifications as per role need.

Age Limit and Engagement

• Upper age for Senior Consultant: 62 years as per STC consultant guidelines.
• Engagement period: The initial engagement is for 2 years.
• Extension: It may be extended by 1 year at a time up to a maximum of 5 years, based on performance and approval.
• Maximum age note: STC guidelines say no extension will be given beyond the age of 65 years.

Salary

• Position level: Senior Consultant.
• Monthly pay range: Rs. 2,55,000 to Rs. 3,30,000.
• The pay is consolidated and includes applicable taxes as per the STC consultant guidelines.
• Official travel reimbursement is available as per the Senior Consultant rules mentioned in the guidelines.

Core Role

• Cybersecurity governance: Develop the State Cybersecurity Strategy and annual security roadmap.
• Data protection: Protect citizen, departmental, financial and sensitive data through strong controls.
• Digital infrastructure: Secure data centres, cloud systems, networks, endpoints, APIs and mobile apps.
• Threat response: Build SOC / CERT-State capability and lead cyber incident response.
• Risk and audits: Conduct risk assessments, vulnerability assessments, penetration testing and compliance reviews.
• Training: Run cyber drills, phishing awareness and officer training across departments.

First 12 Months Deliverables

• Cyber policy: Get the State cybersecurity policy approved.
• Security baseline: Notify baseline security controls for departments.
• SOC readiness: Make the SOC / monitoring centre operational.
• MFA and audits: Enable MFA for critical users and audit top critical systems.
• Backup and training: Test backup / disaster recovery and launch phishing awareness.
• Nodal network: Establish a department cyber nodal officer network.

Service Conditions

• Consultant status: The selected person will work as an independent consultant/service provider under STC guidelines.
• Confidentiality: STC guidelines require strict handling of official documents, reports, data and communications.
• Full-time rule: A full-time consultant cannot take another assignment during the engagement period.
• Performance review: Continuation beyond the first year depends on annual performance review and approval.

Selection Process

The CISO page does not mention a written exam. Selection will follow the STC consultant selection process from the attached guidelines, where profiles are screened and placed before a committee.

1. Application Screening: STC will review CVs and applications for qualification, cybersecurity experience and role fit.
2. Screening Committee: A committee chaired by ACEO, STC may shortlist eligible applicants.
3. Consultancy Evaluation Committee: The committee chaired by CEO, STC will evaluate shortlisted profiles and take the process forward.
4. Police Verification and Joining Checks: STC guidelines mention police verification and contract conditions for selected consultants.

How to Apply

1. Prepare your updated CV with cybersecurity leadership, SOC, audit, cloud, network and governance experience.
2. Use the subject line Application for Chief Information Security Officer (CISO).
3. Email the application and CV to stcjobsapply@gmail.com.
4. Check the official STC UP vacancies page for the attached Job Description and Guidelines before sending your application.
5. Keep supporting documents ready for qualification, experience, identity and any later verification.

Important Dates

• Hiring Status: Currently hiring on the official STC UP vacancies page checked on 30 May 2026
• Last Date to Apply: Not mentioned on the official vacancies page
• Selection Schedule: To be announced by STC UP

Documents Required

• Updated CV with cybersecurity leadership experience
• Master's degree or other accepted qualification proof
• Experience documents for information security, SOC, audit, network, cloud or governance roles
• Identity and address proof for later checks
• Any supporting certificates related to cybersecurity, audits, cloud security or governance, if available

• Develop the State Cybersecurity Strategy and annual security roadmap
• Define security policies, controls, standards and compliance mechanisms
• Protect citizen, departmental, financial and sensitive government data
• Oversee SOC / CERT-State capability, threat monitoring and incident response
• Manage risk assessments, vulnerability assessments and security audits
• Coordinate privacy controls, logging, audit trails and breach reporting
• Train departmental officers through cyber drills and awareness programmes
• Review vendor, cloud provider and third-party cyber risk