Key Responsibilities:
Strategic Leadership:
- Develop and implement the enterprise-wide information security strategy, policies, and frameworks.
- Provide thought leadership on emerging cyber risks, threats, and technologies.
- Establish an enterprise security architecture aligned with business objectives.
- Represent information security at executive leadership meetings and board-level discussions.
Governance, Risk & Compliance (GRC):
- Ensure compliance with relevant regulations, standards, and frameworks (e.g., ISO 27001, NIST CSF, GDPR, PCI DSS).
- Lead risk assessments, security audits, and penetration testing programs.
- Develop incident response, disaster recovery, and business continuity plans.
- Oversee vendor risk management and third-party security due diligence.
Leadership & People Management:
- Build and lead a high-performing information security team, including SOC analysts, security engineers, and risk specialists.
- Define roles, responsibilities, and career development paths within the security function.
- Foster a culture of security awareness across the organization through training and communication.
- Collaborate with IT, Legal, Compliance, and Risk teams to integrate security into all business processes.
DevSecOps & Application Security:
- Integrate security into CI/CD pipelines with automated tools:
  - SAST (e.g., SonarQube).
  - DAST (e.g., OWASP ZAP).
  - Dependency scanning (e.g., Snyk).
- Conduct secure code reviews, threat modelling, and application pen tests.
- Lead developer security awareness programs and secure coding bootcamps.
Threat Intelligence & Vulnerability Management:
- Set up continuous vulnerability management workflows using the relevant VM tools.
- Consumed and actioned threat intelligence feeds (CTI) to proactively defend against APTs and fraud campaigns.
- Correlating TI with internal telemetry to identify emerging threats specific to fintech and digital banking.
Data Protection & Privacy:
- Implemented technical and organizational measures (TOMs) for India DPDP compliance.
- Overseeing DLP, data classification, and encryption policies across the Pay10 cloud environment.
- Preparing to conduct DPIAs and privacy-by-design assessments for new fintech products.
- Initiating RoPA activities to document all processing records within the Pay10 environment.
Stakeholder & External Engagement:
- Serve as the primary point of contact for regulators, auditors, and external security partners.
- Engage with business leaders to balance security requirements with operational needs.
- Build strong relationships with law enforcement, cybersecurity forums, and industry associations.
Incident Response & Business Continuity:
- Own the Incident Response Plan (IRP) and ensure proper training, testing, and refinement.
- Lead investigations into data breaches or security incidents and coordinate responses.
- Support business continuity and disaster recovery (BC/DR) planning and exercises.
Required Qualifications:
- Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or a related field.
- 12+ years of experience in cybersecurity.
- Proven experience in Financial services, FinTech, or other regulated environments.
Skills & Competencies:
- Good understanding of security and privacy frameworks: NIST CSF, ISO 27001, SOC 2, PCI-DSS, OWASP Top 10, etc.
- Knowledge of fintech regulatory landscape under RBI.
- Experience in AWS security controls.
- Experience with application security in cloud-native environments.
- Familiarity with common FinTech architectures: microservices, APIs, mobile apps, open banking (e.g., PSD2).
- Strong communication and stakeholder management skills.
- Ability to translate technical risk into business language for executives and stakeholders.