Deputy Vice President - Information Security

Location:

The role will lead the overall security posture of the Organisation and work closely with the IT, Risk, Compliance, and Business teams to ensure secure digital transformation, regulatory compliance, and resilience against cyber threats.

2. Key Responsibilities

• Develop and maintain the Information Security Strategy, Policy Framework, and Roadmap specific to housing finance operations.
• Establish security governance aligned with RBI, NHB, DPDP Act.
• Lead the Information Security Steering Committee for the subsidiary.
• Define KRIs/KPIs and present regular updates to the Board & Senior Management.

B. Cybersecurity Architecture & Implementation

• Design and maintain secure architecture for LOS/LMS systems, Core systems, APIs, cloud workloads, DLP, and network layers.
• Ensure strong protection for customer PII, Aadhaar, KYC data, and financial records.
• Lead implementation of controls across on-prem, hybrid, and cloud environments.
• Oversee security hardening of endpoints, servers, firewalls, mobile apps.

C. Cyber Risk Management

• Conduct periodic cyber risk assessments, vendor risk assessments, and secure design assessments.
• Build and maintain a Cyber Risk Register aligned with business priorities.
• Perform threat modeling for digital lending, online onboarding, collections systems, and APIs.

D. Data Protection & Privacy Compliance

• Ensure full compliance with:

• DPDP Act 2023

• RBI Cyber Security Framework for NBFCs & HFCs

• NHB Directions

• UIDAI Security Requirements

• Drive Data Classification, Data Flow Mapping, and secure handling of customer financial & personal data.

E. Security Monitoring, Detection & Incident Response

• Establish and manage SOC operations, SIEM, EDR/XDR, and threat intelligence processes.
• Build and maintain the Incident Response Plan, including cyber drills, tabletop exercises, and forensic readiness.
• Ensure 24x7 monitoring of critical systems used for housing loan disbursement, collection, and onboarding.

F. Business Continuity & Disaster Recovery

• Create and test Business Continuity Plans (BCP) and DR strategy for systems.
• Ensure cyber incident resilience and quick recovery from outages or cyberattacks.

H. Awareness & Culture

• Conduct ongoing cybersecurity awareness programs for employees, branches, and field staff.
• Promote secure usage of digital systems, emails, endpoints, and remote channels.

3. Required Qualifications & Experience

• Bachelors or Masters degree in Engineering/Technology/Computer Science/Information Security.
• Preferred: MBA or advanced degree in Cybersecurity.

Certifications (Good to Have)

• CISSP
• CISM
• CISA
• CEH
• CCSP
• ISO 27001 Lead Implementer/Lead Auditor

Experience

• 7-8 years of experience in Information Security in BFSI, preferably NBFC, HFC, or Banking.
• Strong experience in compliance with RBI/NHB guidelines.
• Hands-on experience with SOC, Incident Response, Cloud Security, DPDP Act implementation.
• Experience working with LOS/LMS systems, loan lifecycle security, and API integrations.

4. Key Skills & Competencies

• Security Architecture & Frameworks (NIST, ISO 27001, CIS Controls)
• Cloud Security (AWS/Azure)
• Network Security, Firewall, WAF, VPN, Zero Trust
• SOC, SIEM, EDR/XDR
• Secure Coding & DevSecOps
• Data Protection Technologies (DLP, Tokenization, Encryption, Key Management)
• Fraud Detection & Prevention (digital lending context)
• Threat Intelligence & Vulnerability Management

Leadership & Behavioural Skills

• Strong leadership in managing IS programs within financial institutions.
• Excellent communication skills with business, IT, and executive teams.
• Ability to influence decision-making and drive culture change.
• Strong crisis/incident management capability.

5. Reporting & Governance Structure

• Reports to:

  CRO

• Works closely with:
• IT Head
• Risk Management
• Compliance & Legal
• Operations & Branch Network
• Vendor Management