Pay10 - Head - Information Security

Key Responsibilities : Strategic Leadership- Develop and implement the enterprise-wide information security strategy, policies, and frameworks.- Provide thought leadership on emerging cyber risks, threats, and technologies.- Establish an enterprise security architecture aligned with business objectives.- Represent information security at executive leadership meetings and board-level discussions. Governance, Risk & Compliance (GRC)- Ensure compliance with relevant regulations, standards, and frameworks (e.g, ISO 27001, NIST CSF, GDPR, PCI DSS).- Lead risk assessments, security audits, and penetration testing programs.- Develop incident response, disaster recovery, and business continuity plans.- Oversee vendor risk management and third-party security due diligence. Leadership & People Management:- Build and lead a high-performing information security team, including SOC analysts, security engineers, and risk specialists.- Define roles, responsibilities, and career development paths within the security function.- Foster a culture of security awareness across the organization through training and communication.- Collaborate with IT, Legal, Compliance, and Risk teams to integrate security into all business processes. DevSecOps & Application Security:- Integrated security into CI/CD pipelines with automated tools:.- SSO SAST (e.g, SonarQube). DAST (e.g, OWASP ZAP).- Dependency scanning (e.g , Snyk).- Conducting secure code reviews, threat modelling, and application pen tests.- Leading developer security awareness programs and secure coding bootcamps.- Threat Intelligence & Vulnerability Management.- Set up continuous vulnerability management workflows using the relevant VM tools.- Consumed and actioned threat intelligence feeds (CTI) to proactively defend against APTs and fraud campaigns.- Correlating TI with internal telemetry to identify emerging threats specific to fintech and digital banking. Data Protection & Privacy:- Implemented technical and organizational measures (TOMs) for India DPDP compliance.- Overseeing DLP, data classification, and encryption policies across Pay10 cloud environment.- Preparing to conduct DPIAs and privacy-by-design assessments for new fintech products.- Initiation of RoPA activities to document all records with Pay10 environment. Stakeholder & External Engagement:- Serve as the primary point of contact for regulators, auditors, and external security partners.- Engage with business leaders to balance security requirements with operational needs.- Build strong relationships with law enforcement, cybersecurity forums, and industry associations. Incident Response & Business Continuity:- Own the Incident Response Plan (IRP) and ensure proper training, testing, and refinement.- Lead investigations into data breaches or security incidents and coordinate responses.- Support business continuity and disaster recovery (BC/DR) planning and exercises. Required Qualifications:- Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or a related field.- 12+ years of experience in cybersecurity.- Proven experience in Financial services, FinTech, or other regulated environments. Skills & Competencies:- Good understanding of security and privacy frameworks: NIST CSF, ISO 27001, SOC 2, PCI-DSS, OWASP Top 10, etc.- Knowledge of fintech regulatory landscape under RBI.- Experience in AWS security controls.- Experience with application security in cloud-native environments.- Familiarity with common FinTech architectures: microservices, APIs, mobile apps, open banking (e.g, PSD2).- Strong communication and stakeholder management skills.- Ability to translate technical risk into business language for executives and stakeholders. (ref:iimjobs.com)