Role Overview
As the Chief Information Security Ocer (CISO), you will be responsible for establishing,\ implementing, and maintaining a comprehensive information security program that protects Company's digital assets, customer data, and business operations. This critical leadership role requires building security frameworks that support our rapid growth across rural India while ensuring compliance with RBI, IRDAI, and data protection regulations. You will safeguard the trust of our 150,000+ served households and our expanding franchise network.
Key Responsibilities
Strategic Leadership & Governance
- Develop and execute a comprehensive information security strategy aligned with company's business objectives and growth trajectory
- Establish and maintain an enterprise-wide information security governance framework, policies, standards, and procedures
- Build and lead a security vertical capable of supporting our distributed operations across 38,000+ villages
- Serve as the primary security advisor to the CEO, Board of Directors, and senior leadership team
- Own the security budget and ensure optimal resource allocation for maximum risk reduction
Risk Management & Compliance
- Design and implement a robust risk management framework for identifying, assessing, and mitigating information security risks
- Ensure compliance with RBI cybersecurity guidelines for NBFCs and digital lending regulations
- Maintain compliance with IRDAI requirements for insurance distribution and data protection
- Oversee compliance with IT Act 2000, Digital Personal Data Protection Act (DPDPA) 2023, and other relevant Indian regulations
- Manage third-party security assessments, audits, and certifications (ISO 27001,SOC 2, etc.)
- Conduct regular security risk assessments and present findings to senior management and board
Security Architecture & Operations
- Design secure technology architecture for our digital lending platform, mobile applications, and franchise management systems
- Implement and oversee security operations center (SOC) capabilities including monitoring, incident detection, and response
- Establish robust identity and access management (IAM) frameworks for employees, franchise partners, and customers
- Secure our data infrastructure including customer KYC data, financial records, and transaction information
- Implement data loss prevention (DLP), encryption, and data classification programs
- Secure API integrations with banking partners, insurance providers, and other third-party systems
Fraud Prevention & Detection
- Develop and implement comprehensive fraud detection and prevention strategies for lending and insurance operations
- Establish controls to prevent identity theft, application fraud, and account takeover across our digital channels
- Implement transaction monitoring and anomaly detection systems
- Work closely with risk and operations teams to balance security controls with customer experience
- Build fraud awareness programs for our Branches and franchise network Incident Response & Business Continuity
- Develop and maintain incident response plans, procedures, and playbooks
- Lead security incident response efforts and coordinate with relevant stakeholders
- Establish business continuity and disaster recovery plans for critical systems
- Conduct regular tabletop exercises and security drills Manage communication protocols for security incidents including customer notification and regulatory reporting
Security for Distributed Operations
- Design security frameworks for our 170+ Branches
- Secure mobile-first and oine-capable systems used in rural areas with limited connectivity
- Implement secure authentication and authorization for franchise partners accessing customer data
- Develop security training programs for franchise partners and field staff
- Ensure secure device management for tablets used in rural operations
Vendor & Third-Party Risk Management
- Establish vendor security assessment and ongoing monitoring programs
- Manage security requirements for partnerships with banks, insurance companies, and technology providers
- Conduct security due diligence for new vendor relationships and integrations
- Ensure contractual security obligations are met by all third parties Security Awareness & Culture
- Build a security-first culture across the organization
- Develop and deliver comprehensive security awareness training programs
- Conduct regular phishing simulations and security awareness campaigns
- Create security champions program across different business units
- Ensure security training is culturally appropriate for our diverse workforce including rural franchise partners
Required Qualifications
Education
- Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or related field (Master's degree preferred)
- Professional security certifications required: CISSP , CISM, or equivalent
- Additional certifications valued: CISA, CEH, CGEIT , CRISC, or cloud security certificationsExperience
- 12+ years of progressive experience in information security, with at least 5 years in leadership roles
- Experience in financial services, fintech, or NBFC environment strongly preferred
- Proven track record of building security programs from ground up in high-growth organizations
- Experience securing distributed operations, mobile-first platforms, and franchise/agent networks
- Deep understanding of Indian regulatory landscape (RBI, IRDAI, DPDPA, IT Act)
- Experience working with board-level stakeholders and presenting to executive leadership
Technical Expertise
- Deep knowledge of security frameworks (NIST , ISO 27001, CIS Controls)
- Expertise in cloud security (AWS, Azure, GCP)
- Strong understanding of application security, API security, and secure SDLC
- Experience with security tools: SIEM, EDR, vulnerability management, penetration testing
- Knowledge of authentication technologies, encryption, and cryptography
- Understanding of mobile application security (Android, iOS)
- Familiarity with fraud detection systems and machine learning for security
- Demonstrable working knowledge of data privacy principles and data protection techniques including data minimization, pseudonymization, anonymization, and privacy by design
Domain Knowledge
- Knowledge of digital lending regulations and RBI guidelines
- Awareness of rural market dynamics and challenges of serving distributed populations is a plus.
- Understanding of insurance distribution and regulatory requirements
Desired Attributes
Leadership & Communication
- Exceptional leadership skills with ability to build and inspire teams
- Outstanding communication skills with ability to translate technical security concepts to business stakeholders
- Experience influencing without authority and building consensus across organizations
- Track record of building security culture in fast-paced, growth-oriented environments
Strategic Thinking
- Ability to balance security requirements with business enablement
- Strategic mindset with ability to anticipate future threats and plan accordingly
- Experience making risk-based decisions in resource-constrained environments
- Innovative thinking to solve unique security challenges of rural fintech operations
Personal Qualities
- High integrity and ethical standards
- Passion for financial inclusion and serving rural India
- Adaptability and comfort with ambiguity in a high-growth startup environment
- Cultural sensitivity and ability to work with diverse teams and stakeholders
What We Offer
- Opportunity to build information security function at one of India's leading rural fintech platforms
- Direct impact on financial inclusion for millions of rural households
- Collaborative, mission-driven culture focused on serving aspiring rural India
- Competitive compensation package including equity participation
- Professional development opportunities and conference attendance
- Chance to solve unique security challenges at the intersection of fintech, rural markets, and franchise operations
Location
Pune, Maharashtra (with travel to branch locations and villages as needed)
Reports to:
