iimjobs
Job Views: 244
Applications: 72
Recruiter Actions: 0

Posted in: IT & Systems

Job Code: 1588510

Job Title: Chief Information Security Officer (CISO)

Location: Mumbai, India (Mulund)

Type: Full Time (On site, 5.5 days working)

Department: Information Security


Position Summary:

The Chief Information Security Officer (CISO) will be responsible for developing, implementing, and managing the enterprise-wide information security strategy.

The role includes overseeing all cybersecurity operations, ensuring compliance with RBI guidelines, managing security incidents, and safeguarding critical payment data.

The CISO will play a key leadership role in protecting the integrity of our payment ecosystem while facilitating regulatory compliance, risk mitigation, and secure technology enablement.


Key Responsibilities

Security Strategy & Governance:

- Develop and lead a comprehensive cybersecurity strategy in line with RBI regulations and industry standards (e.g., PCI-DSS, ISO 27001, NIST).

- Establish and maintain security policies, procedures, and controls to protect customer and transactional data.

- Oversee the operation and continuous improvement of the Information Security Management System (ISMS).

Regulatory Compliance:

- Ensure full compliance with RBI Guidelines on Payment Aggregators, including mandatory 24-hour reporting of security incidents to RBI's Department of Payment and Settlement Systems and CERT-In.

- Ensure adherence to applicable regulations such as PCI-DSS, GDPR (if applicable), and ISO standards.

- Liaise with internal/external auditors and regulators to conduct regular security reviews and audits.

Incident Management:

- Design and maintain an effective cybersecurity incident response framework.

- Lead investigations, containment, remediation, and post-incident reviews of security breaches or cyber threats.

- Ensure timely submission of root cause analyses and regulatory reporting of incidents.

Vendor and Third-Party Risk Management:

- Lead security assessments and due diligence of third-party service providers, technology partners, and cloud vendors.

- Evaluate vendor compliance with security certifications (e.g., ISO 27001, PCI-DSS) and reporting capabilities.

- Define and enforce security requirements in vendor contracts and SLAs.

Cyber Risk Management:

- Conduct enterprise-wide risk assessments and develop risk treatment plans for critical systems and processes.

- Deploy controls to address threats such as data breaches, fraud, malware, and DDoS attacks.

- Monitor emerging threats, vulnerabilities, and attack trends in the digital payments landscape.

Team Leadership & Awareness:

- Build, mentor, and manage a high-performing cybersecurity team.

- Promote a strong security culture through employee awareness programs and regular training.

- Work cross-functionally with IT, Compliance, Legal, and Operations to embed security into business workflows.

Technology Leadership:

- Evaluate, deploy, and manage cutting-edge cybersecurity technologies including SIEM, firewalls, EDR, IDS/IPS, encryption, and fraud prevention systems.

- Ensure secure design and integration of APIs, payment gateways, and technical infrastructure.

- Stay informed of innovations in cybersecurity, digital payments, and data protection.


Qualifications & Experience:

Education:

- Bachelor's or Master's degree in Computer Science, Information Security, Cybersecurity, or a related field.

- Professional certifications such as CISSP, CISM, CISA, or CRISC are highly preferred.

Experience:

- Minimum 10+ years of progressive experience in cybersecurity, with at least 5 years in a senior leadership role.

- Extensive experience in managing security within payment processing, fintech, or financial services environments.

- Demonstrated experience in RBI-compliant security practices, incident reporting, and regulatory engagement.

- Proven track record of PCI-DSS and ISO 27001 compliance implementation and audit management.

Skills & Competencies:

- In-depth knowledge of information security standards and frameworks (e.g., ISO 27001, NIST, OWASP).

- Strong understanding of RBI Guidelines for Payment Aggregators and regulatory reporting procedures.

- Proficiency in cloud security, API security, encryption protocols, and fraud detection systems.

- Excellent leadership, communication, and stakeholder management skills.

- Ability to analyze complex risks and design effective, pragmatic solutions.


Preferred Qualifications:

- Experience working with regulatory authorities such as RBI, CERT-In, or NPCI.

- Background in vendor risk management and secure third-party integrations.

- Awareness of emerging technologies in payments, including blockchain, UPI, or tokenization.


Why Join Us?

- Lead security for a growing and mission-driven fintech at the forefront of India's digital payments revolution.

- Collaborate in a dynamic environment with innovation at its core.

- Competitive compensation, performance-based incentives, and comprehensive benefits.

- Opportunity to shape national payment security practices and influence regulatory policy adherence.
