Chief Information Security Officer

𝗝𝗼𝗯 𝗧𝗶𝘁𝗹𝗲: Chief Information Security Officer (CISO)𝗟𝗼𝗰𝗮𝘁𝗶𝗼𝗻: 𝗠𝘂𝗺𝗯𝗮𝗶, 𝗠𝗮𝗵𝗮𝗿𝗮𝘀𝗵𝘁𝗿𝗮, 𝗖𝗼𝗺𝗽𝗮𝗻𝘆: 𝗪𝗲𝗮𝘃𝗲𝗿𝗔𝗯𝗼𝘂𝘁 𝗪𝗲𝗮𝘃𝗲𝗿:At Weaver, we are redefining affordable housing finance in India. Launched in 2025, we are not patching legacy systems; we are building the future from a clean slate. Backed by over $170M from leading investors like Lightspeed and Premji Invest, we have acquired two profitable NBFCs to solve the cold-start problem, giving us an established business and the capital to build the right way. Our mission is to leverage technology and data to make homeownership fast, transparent, and accessible for families in Tier-2 and Tier-3 cities.𝗧𝗵𝗲 𝗢𝗽𝗽𝗼𝗿𝘁𝘂𝗻𝗶𝘁𝘆:This is a foundational leadership role where you will design and own the entire security, compliance, and risk posture of an AI-native financial institution. As the CISO, you will be the ultimate "Weaver," responsible for balancing the agility of our in-house development team with the strict regulatory needs of the financial services sector. This requires not just setting policies, but integrating modern DevSecOps practices and cloud security to ensure compliance with mandates from the RBI and NHB is seamless, automated, and non-blocking. You will build a security program that enables scale and innovation rather than hinders it.𝗞𝗲𝘆 𝗥𝗲𝘀𝗽𝗼𝗻𝘀𝗶𝗯𝗶𝗹𝗶𝘁𝗶𝗲𝘀:🛡️ Security Strategy & Governance • Develop, implement, and manage a comprehensive, multi-year Information Security Program aligned with business objectives and risk appetite. • Establish and maintain effective security governance, policies, standards, and guidelines for the entire organization. • Report on security posture, compliance status, and key risk indicators to the Executive Team and the Board. ⚖️ Regulatory Compliance & Risk Management • Act as the primary point of contact for security audits, examinations, and regulatory inquiries. • Ensure continuous compliance with mandates issued by the Reserve Bank of India (RBI), the National Housing Bank (NHB), and other relevant regulatory bodies governing the financial sector. • Lead comprehensive Security Risk Assessments and drive remediation efforts across all domains.💻 DevSecOps & Agility Integration (The Weaver Role) • Champion the DevSecOps methodology, integrating security testing, threat modeling, and vulnerability management early and continuously into the CI/CD pipelines ("Shift Left"). • Oversee the review process for the security architecture of new products and cloud implementations (AWS). • Implement pragmatic security controls that enable rapid development speed while ensuring security and compliance mandates are met.🚨 Security Operations & Cloud Defense • Lead and mature Security Operations Center (SOC) capabilities, including monitoring, detection, and analysis using SIEM tools. • Develop and regularly test the Incident Response Plan (IRP) and Disaster Recovery (DR) protocols. • Ensure robust security for our AWS-native stack, including IAM, network segmentation (VPC), and serverless security (Lambda).🤝 Team Leadership & AwarenessLead, mentor, and grow the information security team.Drive a strong, positive security-aware culture across the organization through continuous training and effective communication."𝗪𝗲𝗮𝘃𝗲𝗿" 𝗣𝗿𝗶𝗻𝗰𝗶𝗽𝗹𝗲 𝗙𝗼𝗰𝘂𝘀:Embrace and promote the "Weaving" concept, ensuring seamless integration between Development, QA, and Operations to make security an enabler of the unified, end-to-end software delivery lifecycle, preventing security roadblocks and minimizing manual overhead.𝗥𝗲𝗾𝘂𝗶𝗿𝗲𝗱 𝗦𝗸𝗶𝗹𝗹𝘀 𝗮𝗻𝗱 𝗤𝘂𝗮𝗹𝗶𝗳𝗶𝗰𝗮𝘁𝗶𝗼𝗻𝘀Experience: 8–12 years of progressive experience in Information Security, with significant leadership experience (minimum 3 years) in a senior security leadership role. • Financial Services Expertise (Mandatory): Deep, practical understanding of the security and compliance requirements specific to the Financial Services Industry, with a strong preference for candidates having direct experience with Non-Banking Financial Companies (NBFCs). • Regulatory Knowledge: Expert knowledge of mandates from the RBI, NHB, and other relevant regulatory bodies is essential. • Modern Security Practices: Proven experience with cloud security (AWS), microservices security, container security (Docker/Kubernetes), and implementing DevSecOps principles. • Certifications: Relevant security certifications are highly desirable (e.g., CISSP, CISM, CRISC). • Technical Depth: Hands-on experience with SIEM, vulnerability management tools (DAST/SAST), and advanced threat protection tools. • Leadership: Demonstrated ability to communicate effectively with the Board, regulators, executive management, and highly technical teams.𝗢𝘂𝗿 𝗧𝗲𝗰𝗵 𝗦𝘁𝗮𝗰𝗸 (Security Context)Our stack is modern, AI-native, and built for scale on a clean slate. The CISO will be responsible for securing: • Cloud & Infrastructure (AWS): Fully AWS-native, leveraging serverless (Lambda), AI services (SageMaker, Bedrock), and robust data lake infrastructure (S3, Lake Formation). • Architecture & Principles: API-first, Event-Driven Automation, Data Mesh. • Languages: Python, React/React Native.𝗪𝗵𝘆 𝗝𝗼𝗶𝗻 𝗪𝗲𝗮𝘃𝗲𝗿? • Greenfield Work: Design the security architecture of a modern AI-native financial institution from scratch, free from legacy constraints. • Outsized Impact: Your decisions will directly shape our regulatory standing, competitive advantage, and customer trust. • Profit with Purpose: Lead security efforts for a company helping families achieve homeownership while building a scalable, profitable business. • Leadership: Join the core foundational leadership team with significant influence across the entire organization.