Job Description

Job Overview:
This role will drive the overall security strategy, ensure compliance with RBI, IRDAI, and ISO 27001 standards, and oversee governance, risk assessments, and incident response. The ideal candidate will manage a skilled InfoSec team, lead security architecture and operations, and foster a strong security culture across the organization. They will also play a key role in securing cloud infrastructure, APIs, and third-party integrations in a dynamic fintech environment.

Job Responsibilities:
- Define and execute an information security strategy aligned with business objectives and regulatory requirements, including RBI Master Directions, IT Framework, Outsourcing Guidelines, and IRDAI IS CS Guidelines
- Lead/support security governance bodies such as the Information Security Committee (ISC) and Change Advisory Board (CAB); report to Board, Risk Management, and IT Steering Committees
- Develop, update, and enforce comprehensive information security policies, procedures, and frameworks (ISMS), including ISO 27001:2022 implementation and maintenance. Oversee implementation of security controls across people, processes, and technology; drive continuous improvement in security posture
- Conduct cyber risk assessments, business impact analysis (BIA), and implement risk treatment, monitoring, and mitigation strategies
- Manage third-party/vendor risks, ensuring proper controls and oversight are in place
- Ensure customer data and personally identifiable information (PII) is protected through data classification, encryption (at rest/in transit), and data loss prevention (DLP) solutions
- Design, oversee and manage security architecture, tools, and operations, including Security Operations Centre (SOC), Identity & Access Management (IAM), Privileged Access Management (PAM), vulnerability assessments, and network security (firewalls, VPN, IPSec)
- Review and provide security recommendations on all change requests via CAB
- Implement and oversee cloud security strategies for AWS/Azure environments and ensure secure integration of APIs with lending and fintech partners
- Lead incident response, crisis management, and business continuity/disaster recovery (BCP/DR) plans; coordinate digital forensics and legal/law enforcement engagement when required
- Lead and develop an information security team of 8 members; manage vendor relationships and build internal capabilities
- Drive cross-functional collaboration across IT, Legal, Risk, Compliance, and Business teams to embed security in all functions. Liaise with IT infrastructure teams for alignment with information security objectives
- Oversee and run enterprise-wide security awareness initiatives, including phishing simulations and tailored role-based training programs

Experience Requirements:
- Minimum 8 years of experience in information technology and security with some experience in managerial/leadership roles
- Experience with regulatory compliance
- Hands-on experience with security frameworks

Technical Skills:
- Security Frameworks: ISO 27001, NIST Cybersecurity Framework, COBIT
- Risk Management: Risk assessment methodologies, GRC tools
- Security Technologies: SIEM, DLP, IAM, PAM, Vulnerability Management, Endpoint Security
- Cloud Security: AWS/Azure security, DevSecOps practices
- Regulatory Knowledge: RBI IT Framework, Outsourcing Guidelines, Data Protection norms
- Audit & Compliance: Internal/external audit processes, compliance reporting

Budget: 15-25 LPA