Posted By
Neha Sehgal
Talent Acquisition Specialist at Prakhar Software Solutions Limited
Last Active: 04 November 2025
Posted in
IT & Systems
Job Code
1626237
Description:
Job Title: Chief Information Security Officer (CISO)
Location: Mulund, Mumbai, India
Department: Information Security
Reports To: Chief Executive Officer / Board of Directors
Company Overview:
We are a leading RBI-compliant Payment Aggregator (PA), delivering secure and seamless digital payment solutions across India.
With a strong commitment to regulatory adherence and operational excellence, we empower merchants and consumers through innovative financial technologies.
As we continue to scale, we seek a seasoned Chief Information Security Officer (CISO) to lead our enterprise information security strategy and ensure the highest levels of data protection, compliance, and risk governance.
Position Summary:
The CISO will be responsible for establishing, implementing, and overseeing the company's end-to-end information security framework.
This includes governance, regulatory compliance, cyber risk management, and incident response.
The role demands strong leadership in protecting sensitive payment data, maintaining regulatory relationships (notably with RBI and CERT-In), and enabling secure digital transformation in alignment with industry standards.
Key Responsibilities
1. Security Strategy & Governance
- Develop and execute a robust cybersecurity strategy aligned with RBI guidelines, PCI-DSS, ISO 27001, and NIST frameworks.
- Establish and continuously improve information security policies, procedures, and controls.
- Oversee implementation and maintenance of the Information Security Management System (ISMS).
2. Regulatory Compliance
- Ensure full compliance with RBI's guidelines for Payment Aggregators, including 24-hour incident reporting to RBI and CERT-In.
- Manage audits and assessments related to PCI-DSS, ISO 27001, and other applicable regulations.
- Serve as the primary liaison for security-related regulatory communications and inspections.
3. Incident Management
- Lead the design and execution of an enterprise-wide cybersecurity incident response framework.
- Direct containment, investigation, remediation, and RCA/reporting for all security incidents.
- Ensure timely and accurate reporting to regulators as per statutory obligations.
4. Vendor & Third-Party Risk Management
- Assess and monitor the security posture of third-party vendors and partners.
- Ensure contractual enforcement of security requirements in vendor SLAs.
- Evaluate vendor compliance with relevant certifications (e.g., ISO 27001, PCI-DSS).
5. Cyber Risk Management
- Conduct periodic enterprise risk assessments; define and implement risk mitigation strategies.
- Monitor evolving cyber threats, vulnerabilities, and fraud tactics affecting digital payments.
- Deploy proactive controls to defend against malware, DDoS, data breaches, and system compromises.
6. Team Leadership & Security Awareness
- Build, lead, and mentor a high-performing cybersecurity team.
- Drive company-wide security awareness through ongoing training and engagement initiatives.
- Collaborate cross-functionally to integrate security into IT, Legal, Compliance, and Operational processes.
7. Technology Leadership
- Oversee implementation and optimization of cybersecurity tools (SIEM, IDS/IPS, EDR, firewalls, encryption, etc.).
- Ensure secure architecture and deployment of APIs, payment gateways, and cloud infrastructure.
- Stay ahead of cybersecurity trends and emerging technologies relevant to the fintech/payments space.
Qualifications & Experience
Education:
Bachelor's or Master's degree in Computer Science, Information Security, Cybersecurity, or related fields.
Preferred: Professional certifications such as CISSP, CISM, CISA, CRISC.
Experience:
- Minimum 10+ years in cybersecurity with at least 5 years in a senior leadership role.
- Strong background in fintech, payment processing, or financial services environments.
- Demonstrated experience with RBI security regulations, PCI-DSS, ISO 27001, and incident reporting protocols.
Skills & Competencies
- Deep understanding of information security frameworks (ISO 27001, NIST, OWASP).
- Strong grasp of RBI PA guidelines and the cyber regulatory landscape in India.
- Expertise in API security, cloud security, encryption, and fraud detection technologies.
- Proven ability to lead cross-functional teams and influence at executive/board levels.
- Analytical mindset with a pragmatic approach to risk mitigation and compliance.
Preferred Qualifications
- Experience engaging with regulatory authorities like RBI, CERT-In, or NPCI.
- Knowledge of secure third-party integrations and vendor risk management.
- Familiarity with emerging fintech technologies (e.g., UPI, blockchain, tokenization).