Head of Information Security

As a Strategic Information Security Leader, your role involves developing and implementing the enterprise-wide information security strategy, policies, and frameworks. You will provide thought leadership on emerging cyber risks, threats, and technologies, while establishing an enterprise security architecture aligned with business objectives. Additionally, you will represent information security at executive leadership meetings and board-level discussions. Key Responsibilities: - Ensure compliance with relevant regulations, standards, and frameworks such as ISO 27001, NIST CSF, GDPR, and PCI DSS. - Lead risk assessments, security audits, and penetration testing programs. - Develop incident response, disaster recovery, and business continuity plans. - Oversee vendor risk management and third-party security due diligence. Leadership & People Management: - Build and lead a high-performing information security team, defining roles, responsibilities, and career development paths within the security function. - Foster a culture of security awareness through training and communication. - Collaborate with IT, Legal, Compliance, and Risk teams to integrate security into all business processes. DevSecOps & Application Security: - Integrate security into CI/CD pipelines with automated tools such as SSO SAST, DAST, and Dependency scanning. - Conduct secure code reviews, threat modeling, and application penetration tests. - Lead developer security awareness programs and secure coding boot camps. Threat Intelligence & Vulnerability Management: - Set up continuous vulnerability management workflows using relevant tools. - Utilize threat intelligence feeds to defend against APTs and fraud campaigns. - Correlate threat intelligence with internal telemetry to identify emerging threats in fintech and digital banking. Data Protection & Privacy: - Implement technical and organizational measures for India DPDP compliance. - Prepare to conduct DPIAs and privacy-by-design assessments for new fintech products. Stakeholder & External Engagement: - Serve as the primary point of contact for regulators, auditors, and external security partners. - Engage with business leaders to balance security requirements with operational needs. - Build strong relationships with law enforcement, cybersecurity forums, and industry associations. Incident Response & Business Continuity: - Own the Incident Response Plan (IRP) and lead investigations into data breaches or security incidents. - Support business continuity and disaster recovery planning and exercises. Qualifications Required: - Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or related field. - 12+ years of experience in cybersecurity. - Proven experience in Financial services, FinTech, or other regulated environments. Skills & Competencies: - Good understanding of security and privacy frameworks such as NIST CSF, ISO 27001, SOC 2, PCI-DSS, and OWASP Top 10. - Knowledge of fintech regulatory landscape under RBI. - Experience in AWS security controls and application security in cloud-native environments. - Familiarity with common FinTech architectures like microservices, APIs, mobile apps, and open banking (e.g., PSD2). - Strong communication and stakeholder management skills. - Ability to translate technical risks into business language for executives and stakeholders.,