Key Responsibilities:
Strategic Leadership
- Develop and implement the enterprise-wide information security strategy, policies, and frameworks.
- Provide thought leadership on emerging cyber risks, threats, and technologies.
- Establish an enterprise security architecture aligned with business objectives.
- Represent information security at executive leadership meetings and board-level discussions.
Governance, Risk & Compliance (GRC)
- Ensure compliance with relevant regulations, standards, and frameworks (e.g., ISO 27001, NIST CSF, GDPR, PCI DSS).
- Lead risk assessments, security audits, and penetration testing programs.
- Develop incident response, disaster recovery, and business continuity plans.
- Oversee vendor risk management and third-party security due diligence.
Leadership & People Management
- Build and lead a high-performing information security team, including SOC analysts, security engineers, and risk specialists.
- Define roles, responsibilities, and career development paths within the security function.
- Foster a culture of security awareness across the organization through training and communication.
- Collaborate with IT, Legal, Compliance, and Risk teams to integrate security into all business processes.
DevSecOps & Application Security
- Integrate security into CI/CD pipelines with automated tools:
  - SAST (e.g., SonarQube)
  - DAST (e.g., OWASP ZAP)
  - Dependency scanning (e.g., Snyk)
- Conduct secure code reviews, threat modelling, and application penetration tests.
- Lead developer security awareness programs and secure coding bootcamps.
Threat Intelligence & Vulnerability Management
- Set up continuous vulnerability management workflows using the relevant VM tools.
- Consume and act on cyber threat intelligence (CTI) feeds to proactively defend against APTs and fraud campaigns.
- Correlate threat intelligence with internal telemetry to identify emerging threats specific to fintech and digital banking.
Data Protection & Privacy
- Implement technical and organizational measures (TOMs) for compliance with India's DPDP Act.
- Oversee DLP, data classification, and encryption policies across the Pay10 cloud environment.
- Prepare to conduct DPIAs and privacy-by-design assessments for new fintech products.
- Initiate RoPA activities to document all processing records within the Pay10 environment.
Stakeholder & External Engagement
- Serve as the primary point of contact for regulators, auditors, and external security partners.
- Engage with business leaders to balance security requirements with operational needs.
- Build strong relationships with law enforcement, cybersecurity forums, and industry associations.
Incident Response & Business Continuity
- Own the Incident Response Plan (IRP) and ensure proper training, testing, and refinement.
- Lead investigations into data breaches or security incidents and coordinate responses.
- Support business continuity and disaster recovery (BC/DR) planning and exercises.
Required Qualifications
- Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or a related field.
- 12+ years of experience in cybersecurity.
- Proven experience in financial services, FinTech, or other regulated environments.
Skills & Competencies
- Good understanding of security and privacy frameworks: NIST CSF, ISO 27001, SOC 2, PCI-DSS, OWASP Top 10, etc.
- Knowledge of fintech regulatory landscape under RBI.
- Experience in AWS security controls.
- Experience with application security in cloud-native environments.
- Familiarity with common FinTech architectures: microservices, APIs, mobile apps, open banking (e.g., PSD2).
- Strong communication and stakeholder management skills.
- Ability to translate technical risk into business language for executives and stakeholders.