Chief Information Security Officer

Role & responsibilities

Job Summary:

We are seeking a strategic and hands-on Chief Information Security Officer (CISO) to lead and manage the information security function at our mid-sized NBFC. The CISO will be responsible for defining and implementing the enterprise security strategy, policies, and programs to protect digital assets, customer data, and IT infrastructure. The ideal candidate will ensure regulatory compliance (RBI, CERT-In, etc.), drive cyber risk governance, and promote a security-first culture across the organization.

Key Responsibilities

1. Information Security Strategy & Governance

• Develop and implement enterprise-wide information security strategy and roadmap.
• Define, implement, and enforce cybersecurity policies, procedures, and standards.
• Lead the Information Security Management System (ISMS) in line with ISO 27001 or similar frameworks.

2. Regulatory & Compliance Management

• Ensure compliance with RBI Cyber Security Framework for NBFCs, CERT-In directives, and other applicable regulations.
• Conduct regular audits, VAPT, and gap assessments.
• Act as the primary liaison with regulators and auditors on all information security matters.

3. Risk Management

• Identify, assess, and mitigate information security risks across IT systems and business processes.
• Conduct regular risk assessments and manage the Information Security Risk Register.
• Monitor third-party/vendor risk related to data and information security.

4. Security Operations & Incident Response

• Oversee the Security Operations Center (SOC) and manage incident detection, response, and recovery.
• Lead investigation and forensic activities during security breaches or data loss events.
• Establish incident response plans, BCP, and disaster recovery protocols.

5. Awareness & Culture Building

• Conduct regular security training and awareness programs for employees and management.
• Promote a culture of shared responsibility for cybersecurity within the organization.

6. Team Management & Collaboration

• Lead and mentor the information security team.
• Collaborate closely with IT, Risk, Legal, Compliance, and Business units to integrate security into operations.

Preferred candidate profile

• Bachelors degree in Information Technology, Computer Science, or a related field; Masters preferred.
• Professional certifications such as

  CISSP, CISM, CISA, ISO 27001 LA, CEH

  etc. are highly desirable.
• In-depth knowledge of data privacy laws, RBI cyber security guidelines, and relevant NBFC regulatory environment.
• Experience in managing SIEM, DLP, Endpoint Protection, IAM, and Firewall solutions.
• Strong leadership, communication, and stakeholder management skills.