Information Security Officer

ABOUT THE ROLE:

We are building a Public Digital Infrastructure for Banking using emerging technologies to enable high-volume, cost-effective financial transactions. We are looking for a strategic and hands-on CISO to lead our cybersecurity efforts and ensure the integrity, security, governance, risk and compliance (GRC) and cyber security and BCP for of this next-gen financial platform.

KEY RESPONSIBILITIES:

1. Information Security Strategy & Ownership:

- Own and execute the enterprise-wide information and cyber security strategy, aligned with business goals.

- Develop and implement IT security roadmaps, governance models, and policies based on best practices (e.g., ISO 27001, PCI-DSS, RBI, CERT-In).

- Manage a skilled team of InfoSec and SOC professionals and drive performance, innovation, and continuous improvement.

2. Regulatory Compliance & Audit Management:

- Ensure compliance with RBI Cyber Security Framework for NBFCs, CERT-In advisories, ISO 27001, PCI-DSS, and other applicable regulations.

- Oversee the development and maintenance of all security documentation and act as the primary liaison with regulatory bodies.

- Responsible for InfoSec, IT audits (internal & external), governance, VAPT, risk assessments, and regulatory reporting.

- Manage the compliance program for Information & Cyber Security Requirements (e.g. regulatory standards, ISO27001, PCI-DSS CERT-In)

- Driving and governing audits and practice standardization (PCI , SoX, etc) across the firm.

3. Risk Management & Security Governance:

- Conduct continuous assessments of security practices, systems, and emerging threats to proactively mitigate risk.

- Maintain the Information Security Risk Register and manage third-party/vendor security assessments.

- Drive audit standardization efforts across teams (PCI, SOX, etc.).

- Conduct Cyber & BCP Risk assessment and maintain Risk register to make sure the level of risk is within permitted limit and ensure gaps are mitigated within specified timeline.

4. Security Operations & Incident Response:

- Lead and oversee SOC operations, including real-time monitoring, threat detection, and incident response.

- Develop and execute incident response plans, disaster recovery strategies and business continuity planning.

- Oversee digital forensics and breach investigation processes.

- Review & update Information security and BCP policies, IT and Security SOPs, BIA and Crisis plans

5. Technology Leadership & Innovation:

- Deliver next-generation security technologies and oversee the secure implementation of cloud and network architecture.

- Develop budgets for security operations and manage resources effectively.

- Promote security-by-design in digital transformation and IT initiatives.

6. Stakeholder Engagement & Culture Building:

- Communicate InfoSec strategy and programs to senior management, board members, and other internal/external stakeholders.

- Conduct security awareness programs, employee training, and periodic phishing simulations.

- Foster a culture of cybersecurity accountability throughout the organization.

- Ensure Information Security awareness for all employees and important stakeholders.

Skills & Qualifications:

- 8+ years of IT experience with major focus on Information Security. Preferred Sector is NBFCs/ Banks.

- Bachelor's degree in Computer Science, Information Technology, or related field (Master's preferred).

- Professional certifications such as CISSP, CISM, CISA, ISO 27001 LA, CEH.

- Deep understanding of regulatory frameworks (RBI, CERT-In), security standards (ISO 27001, PCI-DSS), and data privacy laws.

- Expertise in security technologies including SIEM, DLP, IAM, encryption, endpoint security, and vulnerability management.

- Expert knowledge ISO 27001:2013, Information and BCP.

- Primary Certifications: ISO and CISA.

- Familiarity with OWASP, attacker lifecycle frameworks, and mitigation strategies.

- Strong leadership, conflict resolution, and stakeholder management skills.

- Experience presenting InfoSec KPIs, audit findings, and risk posture metrics to executive stakeholders.

What we offer?

- Opportunity to create large scale national scale impact while ensuring fast career growth for self.

- Unparalleled learning opportunity about processes, product nuances, end customer behavior comprising a synthesis of all banks and the industry.

- Great work culture leveraging the agility of start-up and scale of large-scale public infrastructure.