Chief Information Security Officer/Lead

QuestW · Posted 1 month ago

Location

Bangalore

Experience

5–10 years

Required Skills

Information Security, IT Security, IT Risk Management, IT Strategy, IT Compliance, ITIL, IT Infrastructure, IT Jobs in BFSI, Cyber Security, Chief Information Security Officer, IT Governance

About the Role

Chief Information Security Officer/Information Security Lead

INTRODUCTION:


We are looking for a seasoned Information Security Lead to drive cybersecurity initiatives and ensure robust protection of our IT infrastructure, applications, and end-user environments in a regulated NBFC. The ideal candidate will possess deep expertise in cyber risk management, regulatory compliance, and infrastructure, application, and end-user security, and will play a critical role in safeguarding sensitive financial data and systems used by Financial Services Organization India, with a primary focus on run-time support.

ROLE DESCRIPTION:

The person we are looking for should have 10+ years of experience in cybersecurity and IT infrastructure, preferably in BFSI/NBFC/Financial Services; a strong understanding of RBI cybersecurity guidelines and financial sector compliance; and hands-on experience with security technologies (SIEM, firewalls, endpoint protection, cloud security). Certifications such as CISSP, CISM, CEH, or equivalent are highly preferred.

KEY RESPONSIBILITIES:

Cybersecurity Strategy & Operations:


- Develop and implement a comprehensive cybersecurity framework aligned with RBI guidelines and industry best practices.

- Lead threat intelligence, monitoring, and incident response activities.

- Manage security operations including SIEM (zero trust network protocol ZTNA), endpoint protection, DLP, and vulnerability management.

- Conduct regular penetration testing and security audits (continuous red teaming/purple teaming assessments and red teaming exercises).

IT Infrastructure Security:

- Collaborate with infrastructure teams to secure networks, servers, cloud platforms, and endpoints.

- Ensure secure configuration and hardening of systems across on-prem and cloud environments.

- Oversee firewall policies, VPNs, IDS/IPS, and access control mechanisms.

- Support secure architecture design for core NBFC applications and platforms.

Application Security:

- Integrate security into the software development lifecycle (SDLC) and DevSecOps practices.

- Conduct code reviews, static/dynamic analysis, and application vulnerability assessments.

- Collaborate with development teams to remediate security flaws and enforce secure coding standards.

- Implement and manage Web Application Firewalls (WAF) and API security controls.

End User Security:

- Define and enforce endpoint security policies including antivirus, patching, and device control.

- Implement Identity & Access Management (IAM), Multi-Factor Authentication (MFA), and role-based access controls.

- Lead security awareness and training programs for employees to reduce human risk factors.

- Monitor and respond to phishing, social engineering, and insider threat activities.

Governance, Risk & Compliance (GRC):

- Ensure compliance with RBI cybersecurity guidelines, ISO 27001, NIST, and other relevant standards.

- Maintain and update security policies, procedures, and documentation.

- Conduct risk assessments and implement mitigation plans.

- Liaise with auditors and regulators during inspections and reviews.

Leadership & Collaboration:

- Lead cross-functional security initiatives and awareness programs.

- Act as a trusted advisor to senior management on cyber risks and mitigation strategies.

- Manage vendor relationships for security tools and services.

- Mentor junior security and infrastructure team members.

Preferred Skills:

- Experience with cloud platforms (AWS, Azure) and hybrid environments.

- Familiarity with DevSecOps and secure SDLC practices.

- Strong analytical, communication, and stakeholder management skills.

- Ability to manage multiple priorities in a regulated, high-risk environment.

- Manages coordination at a local and international level where required.

- Occasionally, if needed, prepares maintenance plans and upgrade schedules for the applications.

- Develops dashboards and reports for business and D & IT teams.

CANDIDATE PROFILE:

- Bachelor's or master's degree in Information Security, Computer Science, or a related field.

- 5+ years of experience in cybersecurity and IT infrastructure, preferably in BFSI/NBFC.

- Strong understanding of RBI cybersecurity guidelines and financial sector compliance.

- Hands-on experience with security technologies (SIEM, firewalls, endpoint protection, cloud security).

- Certifications such as CISSP, CISM, CEH, or equivalent are highly preferred.

- Knowledge of the ITIL framework and experience in Service Transition and Service Operations within the IT service lifecycle.

- Experience in handling large projects, especially financial critical applications, would be an advantage.

- Familiarity with the automotive captive finance business and experience in financial service application systems development or support.

- Flexible to support on weekends, holidays, and late evenings as per business needs, especially at month-end.

- Excellent communication skills in English.

- Knowledge of cloud technologies and hands-on experience in Azure, AWS, and hybrid environments.

- Knowledge of Microsoft Power BI and Power Automation tools.
