Job description of Chief Information Security Officer (CISO)
Position: Chief Information Security Officer
Location: India, Bengaluru
Employment Type: Full-time
Department: Information Security
Reports To: CEO / CTO
Position Overview
We are seeking an experienced and strategic CISO to lead the organization's cybersecurity, information security, technology risk, and regulatory compliance functions.
The ideal candidate will have extensive experience within the Indian Banking, NBFC, FinTech, or Financial Services sector and a strong understanding of regulatory requirements issued by the RBI, CERT-In, NPCI, UIDAI, and other relevant authorities.
The CISO will be responsible for ensuring the effective implementation of the organization's information security framework, maintaining regulatory compliance, managing cyber risks, and protecting customer data, digital assets, payment systems, the IT-finance platform, and critical business operations.
Key Responsibilities
Information Security Strategy & Governance
- Ensure the implementation and ongoing support of the organization's Information Security Strategy in alignment with business objectives and regulatory requirements.
- Ensure compliance with and continuous improvement of the Information Security Governance, Risk, and Compliance framework.
- Oversee the preparation and reporting of information security posture, cyber risks, compliance status, and remediation initiatives to Executive Management, Board Committees, and regulatory authorities.
- Ensure adherence to and continuous enhancement of information security policies, standards, procedures, and control frameworks across the organization.
- Participate in IT Steering Committees, Information Security Committees, Risk Committees, and Board-level governance forums.
- Act as the primary advisor to senior management on cybersecurity, technology risks, and regulatory requirements.
Regulatory Compliance
- Ensure compliance with RBI Cyber Security Framework, Digital Lending Guidelines, CERT-In directives, and applicable regulatory requirements.
- Coordinate internal and external security audits, VAPT assessments, and regulatory reviews.
- Act as the primary security contact for regulators, auditors, and external assessors.
Cyber Risk & Security Operations
- Lead cyber risk management activities across business and technology functions.
- Oversee Security Operations Center (SOC), incident response, threat monitoring, and vulnerability management.
- Ensure timely detection, investigation, and remediation of cybersecurity incidents.
- Lead Cyber Crisis Management and Cyber Resilience initiatives.
Cloud & Technology Security
- Oversee security architecture for cloud and on-premises environments.
- Ensure effective implementation of IAM, PAM, encryption, endpoint security, and network security controls.
- Support secure delivery of digital lending, payment, and customer-facing platforms.
Third-Party Risk Management
- Establish and maintain Third-Party Risk Management (TPRM) processes.
- Conduct security assessments of vendors, fintech partners, cloud providers, and outsourced service providers.
- Ensure vendor compliance with contractual and regulatory security requirements.
Business Continuity & Disaster Recovery
- Oversee Business Continuity Planning (BCP), Disaster Recovery (DR), and Business Impact Analysis (BIA).
- Ensure regular testing of recovery and resilience capabilities.
Required Qualifications
- Bachelor's or Master's degree in Information Security, Computer Science, Information Technology, or a related field.
- 10+ years of experience in Information Security, Cybersecurity, IT Risk, or Technology Risk.
- Minimum 5 years of leadership experience in Banking, NBFC, FinTech, or Financial Services.
- Experience working with RBI regulations, audits, and cybersecurity requirements.
- Strong understanding of cloud security, cyber risk management, and regulatory compliance.
Mandatory Knowledge
- RBI Cyber Security Framework
- RBI Digital Lending Guidelines
- CERT-In Requirements
- Information Security Governance
- Cyber Risk Management
- SOC Operations
- Incident Response
- Vulnerability Management
- Cloud Security (AWS preferred)
- Third-Party Risk Management (TPRM)
- BCP & DR
- ISO 27001
Preferred Certifications
- CISSP
- CISM
- CISA
- CRISC
- ISO 27001 Lead Auditor / Lead Implementer
- CCSP
Preferred Experience
- Banking, NBFC, or Digital Lending environment.
- Payment systems (UPI, IMPS, NEFT, RTGS, SWIFT).
- SOC management and cybersecurity operations.
- RBI, CERT-In, ISO 27001, and PCI DSS audits.
- Vendor risk management and cloud-native environments.
Pay: ₹3,000,000.00 - ₹4,000,000.00 per year
Benefits:
Work Location: In person