Technical Security Strategist

Job DescriptionThe position of a Technical Security Manager is crucial for safeguarding technology infrastructure, applications, and network ecosystem across all operations within India.This role combines hands-on cybersecurity expertise with strong technical control implementation and compliance oversight under RBI's IT and Cybersecurity Framework for Payment System Operators.Key ResponsibilitiesLead security operations center (SOC) activities, ensuring proactive detection, investigation, and response to security incidents.Monitor and correlate events using SIEM platforms (e.g., Splunk, Sentinel, QRadar).Conduct incident triage, root cause analysis, and coordinate timely containment and recovery.Ensure adherence to RBI's cyber incident reporting timelines (e.g., within 2–6 hours for major incidents).Maintain incident management workflows and escalation processes in line with RBI standards.Collaborate with managed security service providers (MSSPs) for continuous monitoring and log management.Infrastructure ManagementDesign, configure, and manage secure network architecture including firewalls, VPNs, WAF, IDS/IPS, and segmentation.Ensure compliance with RBI-prescribed controls on hardening, patching, and security logging for payment systems.Perform infrastructure vulnerability assessments and oversee timely patch management.Maintain network topology, baseline configurations, and documentation for audit readiness.Ensure all regulated data (cardholder, transaction, and PII) is stored, processed, and maintained only in data centers located in India, in compliance with RBI data localization mandates.Cloud SecurityOversee implementation of cloud security controls (CSPM, CWPP, IAM policies) for Pay10's AWS, Azure, or hybrid environments.Partner with DevOps to embed DevSecOps practices, including automated code reviews, SAST/DAST scanning, and secure CI/CD pipelines.Conduct application security reviews and validate controls aligned to OWASP Top 10 and PCI DSS 4.0.Secure APIs and integrations used in payment processing and fintech applications.Review application security configurations for compliance with RBI and PCI-DSS encryption and key management requirements.Vulnerability ManagementLead the end-to-end vulnerability management program, ensuring prompt detection, prioritization, and remediation.Conduct periodic vulnerability scans, penetration testing, and red team assessments as required by RBI.Maintain a central vulnerability register and track closure with IT, DevOps, and business teams.Establish patch governance framework and periodic reporting to the CISO office.Integrate threat intelligence sources to anticipate and mitigate emerging risks.Identity and Access ManagementDefine and enforce Identity and Access Management (IAM) and Privileged Access Management (PAM) policies.Implement least-privilege principles, multi-factor authentication (MFA), and SSO across all systems.Conduct quarterly access reviews and entitlement audits to ensure compliance with RBI's access control guidelines.Maintain logs and reports for all privileged account activities as part of RBI's audit trail requirements.Compliance and AuditEnsure compliance with RBI Cyber Security Framework for Payment System Operators.Ensure compliance with RBI Master Direction on IT Governance, Risk, Controls & Assurance Practices.Ensure compliance with PCI DSS, ISO 27001, and SOC 2 frameworks.Coordinate internal and external IT and cybersecurity audits.Prepare and submit quarterly and annual IT & Cyber Risk reports to the CISO and Compliance Committee.Support banking partner and regulator-driven audits with evidence, control documentation, and remediation tracking.OthersMaintain the Incident Response Plan (IRP) and ensure regular testing and updates.Conduct incident simulations and tabletop exercises for critical applications.Lead post-incident reviews and document lessons learned and preventive measures.Ensure Business Continuity (BCP) and Disaster Recovery (DR) drills are conducted periodically, meeting RTO/RPO objectives.Document and maintain all DR test results for submission during RBI or partner bank audits.