Posted: 19 hours ago
Platform:
On-site
Full Time
This is a full-time role with our global client for their captive finance arm in Gurgaon.
The position will be responsible for ensuring regulatory compliance under RBI guidelines for NBFCs, managing internal policies, and driving the information security framework (data protection, IT audits, and cyber risk governance). The role ensures that wholesale lending operations remain compliant with statutory obligations and protected against information security risks, supporting business continuity and trust.
Information Security:
• Develop, implement, and monitor information security policies, standards, and procedures aligned with ISO 27001, RBI Cyber Security Framework, and IT Act.
• Conduct IT risk assessments and vendor security reviews, and coordinate penetration testing with IT teams.
• Ensure data security controls for dealer financing systems, loan origination, and loan servicing platforms.
• Oversee access control, privileged account management, and incident response processes.
• Conduct periodic internal IS audits and coordinate with external auditors for compliance certifications.
• Implement Business Continuity & Disaster Recovery (BCP/DRP) protocols for critical applications.
Governance & Risk Management:
• Develop compliance dashboards and risk indicators for reporting to the Board / Risk Committee.
• Escalate non-compliance or security breaches and drive corrective actions.
• Liaise with legal, risk, IT, and external consultants on compliance/security matters.
• Track emerging regulatory and cybersecurity trends and recommend proactive measures.
• Strong knowledge of NBFC regulatory framework, PMLA, KYC/AML, FEMA, Companies Act.
• Familiarity with information security standards (ISO 27001, NIST, PCI DSS preferred).
• Experience in cybersecurity risk assessment, data protection, and IT audits.
• Strong stakeholder management (with RBI, auditors, and IT vendors).
• Analytical mindset with high attention to detail.
• Excellent written and verbal communication skills.
CA / CS / LLB / MBA Finance / PG in Risk/Compliance / B.Tech (IT) with certification in Information Security.
Certifications Preferred: CISA, CISM, ISO 27001 Lead Implementer, or equivalent.
Experience: 6+ years in Compliance / Risk / Information Security, preferably in NBFCs, Banks, or Captive Finance (Automotive / Dealer Finance) setups.