Chief Information Security Officer

: Chief Information Security Officer (CISO): , , : :At Weaver, we are redefining affordable housing finance in India. Launched in 2025, we are not patching legacy systems; we are building the future from a clean slate. Backed by over $170M from leading investors like Lightspeed and Premji Invest, we have acquired two profitable NBFCs to solve the cold-start problem, giving us an established business and the capital to build the right way. Our mission is to leverage technology and data to make homeownership fast, transparent, and accessible for families in Tier-2 and Tier-3 cities. :This is a foundational leadership role where you will design and own the entire security, compliance, and risk posture of an AI-native financial institution. As the CISO, you will be the ultimate "Weaver," responsible for balancing the agility of our in-house development team with the strict regulatory needs of the financial services sector. This requires not just setting policies, but integrating modern DevSecOps practices and cloud security to ensure compliance with mandates from the RBI and NHB is seamless, automated, and non-blocking. You will build a security program that enables scale and innovation rather than hinders it. :️ Security Strategy & Governance • Develop, implement, and manage a comprehensive, multi-year Information Security Program aligned with business objectives and risk appetite. • Establish and maintain effective security governance, policies, standards, and guidelines for the entire organization. • Report on security posture, compliance status, and key risk indicators to the Executive Team and the Board. ⚖️ Regulatory Compliance & Risk Management • Act as the primary point of contact for security audits, examinations, and regulatory inquiries. • Ensure continuous compliance with mandates issued by the Reserve Bank of India (RBI), the National Housing Bank (NHB), and other relevant regulatory bodies governing the financial sector. • Lead comprehensive Security Risk Assessments and drive remediation efforts across all domains. DevSecOps & Agility Integration (The Weaver Role) • Champion the DevSecOps methodology, integrating security testing, threat modeling, and vulnerability management early and continuously into the CI/CD pipelines ("Shift Left"). • Oversee the review process for the security architecture of new products and cloud implementations (AWS). • Implement pragmatic security controls that enable rapid development speed while ensuring security and compliance mandates are met. Security Operations & Cloud Defense • Lead and mature Security Operations Center (SOC) capabilities, including monitoring, detection, and analysis using SIEM tools. • Develop and regularly test the Incident Response Plan (IRP) and Disaster Recovery (DR) protocols. • Ensure robust security for our AWS-native stack, including IAM, network segmentation (VPC), and serverless security (Lambda). Team Leadership & AwarenessLead, mentor, and grow the information security team.Drive a strong, positive security-aware culture across the organization through continuous training and effective communication."" :Embrace and promote the "Weaving" concept, ensuring seamless integration between Development, QA, and Operations to make security an enabler of the unified, end-to-end software delivery lifecycle, preventing security roadblocks and minimizing manual overhead. Experience: 8–12 years of progressive experience in Information Security, with significant leadership experience (minimum 3 years) in a senior security leadership role. • Financial Services Expertise (Mandatory): Deep, practical understanding of the security and compliance requirements specific to the Financial Services Industry, with a strong preference for candidates having direct experience with Non-Banking Financial Companies (NBFCs). • Regulatory Knowledge: Expert knowledge of mandates from the RBI, NHB, and other relevant regulatory bodies is essential. • Modern Security Practices: Proven experience with cloud security (AWS), microservices security, container security (Docker/Kubernetes), and implementing DevSecOps principles. • Certifications: Relevant security certifications are highly desirable (e.g., CISSP, CISM, CRISC). • Technical Depth: Hands-on experience with SIEM, vulnerability management tools (DAST/SAST), and advanced threat protection tools. • Leadership: Demonstrated ability to communicate effectively with the Board, regulators, executive management, and highly technical teams. (Security Context)Our stack is modern, AI-native, and built for scale on a clean slate. The CISO will be responsible for securing: • Cloud & Infrastructure (AWS): Fully AWS-native, leveraging serverless (Lambda), AI services (SageMaker, Bedrock), and robust data lake infrastructure (S3, Lake Formation). • Architecture & Principles: API-first, Event-Driven Automation, Data Mesh. • Languages: Python, React/React Native. ? • Greenfield Work: Design the security architecture of a modern AI-native financial institution from scratch, free from legacy constraints. • Outsized Impact: Your decisions will directly shape our regulatory standing, competitive advantage, and customer trust. • Profit with Purpose: Lead security efforts for a company helping families achieve homeownership while building a scalable, profitable business. • Leadership: Join the core foundational leadership team with significant influence across the entire organization.