Key Responsibilities 1. Security Governance & Compliance Implement and maintain security policies, SOPs, frameworks, and procedures. Ensure compliance with RBI PA/PG guidelines, KYC/AML, and data security mandates. Support audits and assessments for PCI-DSS, ISO 27001, SOC2, and CERT-In requirements. Coordinate with internal teams and external auditors for security assessments, VAPT, and risk reviews. Maintain security controls documentation, risk registers, and compliance dashboards. 2. Security Operations Monitor and manage security incidents, alerts, and vulnerabilities via SIEM tools. Assist in threat detection, incident response, and forensic investigations. Support implementation of endpoint security, DLP, IAM, network security, and cloud security controls. Conduct periodic security checks including access reviews, log monitoring, and privilege analysis. 3. Risk Management Identify, evaluate, and mitigate security risks across applications, infra, cloud, and networks. Perform regular risk assessments, vendor security evaluations, and third-party compliance checks. Develop risk mitigation plans and ensure closure of audit findings. 4. VAPT & Security Testing Coordinate and track internal and external VAPT for applications, APIs, mobile apps, cloud, and networks. Review and validate vulnerabilities, ensuring remediation and retesting. Work with engineering teams to integrate secure coding practices (SSDLC). 5. Cloud & Application Security Support cloud security measures across AWS/Azure/GCP environments. Ensure security hardening of servers, databases, microservices, and payment APIs. Work with developers to enforce OWASP, API security, and secure deployment standards. 6. Documentation & Training Prepare security reports, compliance documentation, incident logs, and risk summaries. Conduct employee security awareness sessions (Phishing, Password, Data Handling, etc.). Create training materials, run mock drills, and improve security culture. Required Skills & Competencies Technical Skills Strong understanding of PCI-DSS, ISO 27001, RBI PA/PG Security Requirements, KYC/AML norms. Hands-on experience with SIEM, DLP, IDS/IPS, Firewalls, WAF, Endpoint Security, and Cloud Security tools. Good understanding of OWASP Top 10, API Security Top 10, VAPT processes, and secure coding standards. Experience in incident response, security monitoring, and vulnerability management. Knowledge of network security, encryption standards, identity access management, and key management. Soft Skills Strong analytical and problem-solving ability. Excellent communication and documentation skills. Ability to work cross-functionally with Tech, DevOps, Product, Compliance, and Operations teams. High ownership, integrity, and attention to detail. Qualifications Bachelors degree in Computer Science / IT / Engineering (preferred). Certifications are a plus: CISA, CISM, ISO 27001 LA/LI, CEH, CompTIA Security+, CSA, PCI-DSS Implementer/Auditor Experience in fintech, payment gateway, payment aggregator, banking, or BFSI sector is strongly preferred.
Position Overview We are looking to hire a Chief Technology Officer (CTO) to lead the companys technology, information security, and systems architecture. Key Responsibilities - Own end-to-end technology architecture and roadmap - Design scalable and high-availability transaction systems - Lead engineering, DevOps, security, and QA teams - Handle RBI audits, compliance and inspections - Implement PCI-DSS, ISO 27001 and CERT-In frameworks - Oversee UPI, Cards, Net Banking, payouts and settlement systems - Manage banking and technology partners Experience: - 10+ years in fintech / banking technology - Minimum 5 years in leadership role - Mandatory RBI compliance experience Technical Skills: - Cloud systems (AWS/Azure/GCP) - API-based architecture - High-availability systems - Database and DevOps knowledge Compliance Knowledge: - RBI PA Guidelines - PCI-DSS, ISO 27001 - CERT-In requirements - DPDP Act Qualifications: - B.Tech / BE / MCA mandatory - Security certifications preferred Leadership Traits: - Strategic thinker - Compliance-focused - Strong people leader