Head of Information Security

Key Responsibilities :

Strategic Leadership

• Develop and implement the enterprise-wide information security strategy, policies, and frameworks.
• Provide thought leadership on emerging cyber risks, threats, and technologies.
• Establish an enterprise security architecture aligned with business objectives.
• Represent information security at executive leadership meetings and board-level discussions.

Governance, Risk & Compliance (GRC)

• Ensure compliance with relevant regulations, standards, and frameworks (e.g., ISO 27001, NIST CSF, GDPR, PCI DSS).
• Lead risk assessments, security audits, and penetration testing programs.
• Develop incident response, disaster recovery, and business continuity plans.
• Oversee vendor risk management and third-party security due diligence.

Leadership & People Management

• Build and lead a high-performing information security team, including SOC analysts, security engineers, and risk specialists.
• Define roles, responsibilities, and career development paths within the security function.
• Foster a culture of security awareness across the organization through training and communication.
• Collaborate with IT, Legal, Compliance, and Risk teams to integrate security into all business processes.

DevSecOps & Application Security

• Integrated security into CI/CD pipelines with automated tools:
• SSO SAST (e.g., SonarQube)
• DAST (e.g., OWASP ZAP)
• Dependency scanning (e.g., Snyk)
• Conducting secure code reviews, threat modelling, and application pen tests.
• Leding developer security awareness programs and secure coding bootcamps.

Threat Intelligence & Vulnerability Management

• Set up continuous vulnerability management workflows using the relevant VM tools.
• Consumed and actioned threat intelligence feeds (CTI) to proactively defend against APTs and fraud campaigns.
• Correlating TI with internal telemetry to identify emerging threats specific to fintech and digital banking.

Data Protection & Privacy

• Implemented technical and organizational measures (TOMs) for India DPDP compliance.
• Overseeing DLP, data classification, and encryption policies across Pay10 cloud environment.
• Preparing to conduct DPIAs and privacy-by-design assessments for new fintech products.
• Initiation of RoPA activities to document all records with Pay10 environment.

Stakeholder & External Engagement

• Serve as the primary point of contact for regulators, auditors, and external security partners.
• Engage with business leaders to balance security requirements with operational needs.
• Build strong relationships with law enforcement, cybersecurity forums, and industry associations.

Incident Response & Business Continuity

• Own the Incident Response Plan (IRP) and ensure proper training, testing, and refinement.
• Lead investigations into data breaches or security incidents and coordinate responses.
• Support business continuity and disaster recovery (BC/DR) planning and exercises.

Required Qualifications

• Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or a related field.
• 12+ years of experience in cybersecurity.
• Proven experience in Financial services, FinTech, or other regulated environments.

Skills & Competencies

• Good understanding of security and privacy frameworks: NIST CSF, ISO 27001, SOC 2, PCI-DSS, OWASP Top 10, etc.
• Knowledge of fintech regulatory landscape under RBI.
• Experience in AWS security controls.
• Experience with application security in cloud-native environments.
• Familiarity with common FinTech architectures: microservices, APIs, mobile apps, open banking (e.g., PSD2).
• Strong communication and stakeholder management skills.
• Ability to translate technical risk into business language for executives and stakeholders.