Chief Information Security Officer

Location: Gurugram

Reports To: CEO /CTO

Employment Type: Full-Time

Experience: 10–15 years, with minimum 5 years in NBFC/financial services

The Chief Information Security Officer (CISO) is a CXO-level executive responsible for establishing and leading the organization's information security vision, strategy, and governance framework. The CISO ensures the confidentiality, integrity, and availability of the organization's information assets, in alignment with RBI regulations, business objectives, and industry best practices. This role oversees enterprise-wide cybersecurity initiatives, regulatory compliance, and risk management, while fostering a strong security culture across the organization.

1. Information Security Strategy & Governance

• Develop and implement a comprehensive enterprise information security strategy, framework, and governance model.
• Ensure alignment with regulatory requirements including RBI Cyber Security Framework for NBFCs, ISO 27001, IT Act, DPDP, and CERT-IN guidelines.
• Define security policies, standards, and procedures to mitigate risks and safeguard critical information assets.

2. Regulatory Compliance & Risk Management

• Drive compliance with regulatory and statutory requirements, including RBI, CERT-IN, and industry best practices.
• Lead enterprise-wide cyber risk assessments, vulnerability management, and penetration testing initiatives.
• Manage third-party and vendor risk, ensuring secure integrations with cloud and fintech partners.

3. Incident Response, Business Continuity & Resilience

• Develop, maintain, and test Incident Response, Business Continuity, and Disaster Recovery Plans.
• Ensure rapid and effective response to cyber incidents and minimize business disruption.
• Implement data security, encryption, and access control measures across all business units.

4. Security Operations & Infrastructure Oversight

• Oversee IT security operations including firewall management, patching, endpoint protection, and service monitoring.
• Establish secure IT infrastructure, ensuring operational resilience and continuous monitoring.

5. Leadership & Culture Development

• Lead, mentor, and develop the cybersecurity team, fostering a high-performance culture.
• Build awareness and training programs to promote cybersecurity, fraud prevention, and best practices organization-wide.

6. Stakeholder Engagement & Reporting

• Serve as the primary interface with regulators, auditors, and risk committees on cybersecurity matters.
• Provide regular reports to the Board and Risk Committee on cyber posture, risks, incidents, and mitigation strategies.
• Collaborate closely with IT, risk management, compliance, and business leaders to integrate security into strategic initiatives.

Educational Qualifications:

• Bachelor's degree in Engineering (BE/B.Tech) and/or MCA (or equivalent).
• Relevant certifications such as CISM, CISSP, CISA, ISO 27001 Lead Implementer/Auditor.

Professional Experience:

• 10–15 years of progressive experience in information security, including at least 5 years in NBFCs, banks, or financial services.
• Proven experience in information security strategy development, policy formulation, and implementation.
• Hands-on experience in IT security operations, BCP/DR planning, and regulatory compliance.
• Demonstrated success in leading security infrastructure projects and establishing enterprise-wide security controls.
• Strong experience in stakeholder management, including direct engagement with Boards, Risk Committees, and regulators.
• Ability to foster an organizational culture of security awareness and proactive risk management.

• Strategic thinking with strong business acumen.
• Deep understanding of regulatory frameworks applicable to NBFCs and financial services.
• Exceptional leadership and people management skills.
• Excellent communication and stakeholder management capabilities.
• Proactive approach to emerging cybersecurity threats and technology trends.