Manager

Senior Manager - Information Security

GoStravvy · Posted 1 month ago

Location

Delhi

Experience

6–10 years

Required Skills

Information Security, IT Risk Management, IT Security, IT Audit, Cyber Security, IT Jobs in BFSI, IT Compliance, IT Governance

About the Role

Department: Information Security / IT Risk & Cybersecurity

Location: Delhi

Industry: NBFC

Experience: 6+ years (including minimum 3+ years in NBFC)

Budget: 30 LPA All fixed

Role Summary

We are seeking a Senior Manager - Information Security to lead the organization's cybersecurity and information security function. As an NBFC that has recently transitioned into the RBI Middle Layer, this role will be instrumental in establishing strong security governance, regulatory compliance, and cyber risk management frameworks.

The role requires hands-on experience in implementing the ISO 27001 / ISO 27000 series framework, along with a strong understanding of RBI cybersecurity and IT governance guidelines for NBFCs. The incumbent will be responsible for building and managing the organization's Information Security Management System (ISMS), ensuring the protection of business systems, financial data, and customer information while supporting regulatory compliance.

Key Responsibilities

Information Security Governance

- Develop and implement the organization's information security strategy, policies, and procedures.

- Establish and manage the Information Security Management System (ISMS) in alignment with industry standards and regulatory requirements.

- Drive adoption of security best practices across technology and business functions.

Regulatory Compliance & Risk Management

- Ensure compliance with RBI IT Governance, Risk Management and Cyber Security Framework for NBFCs.

- Conduct information security risk assessments and mitigation planning.

- Support internal audits, regulatory audits, and compliance reviews related to cybersecurity and data protection.

ISO 27001 Implementation

- Lead end-to-end implementation of ISO 27001 / ISO 27000 series frameworks, including documentation, risk assessments, control implementation, and certification readiness.

- Conduct internal ISMS audits and continuous improvement initiatives.

Cybersecurity Operations

- Oversee vulnerability management, security monitoring, and incident response processes.

- Implement and monitor security controls across infrastructure, applications, and networks.

- Develop incident response and cyber resilience plans.

Data Security & Privacy

- Establish controls around data protection, data classification, access management, and secure handling of customer information.

- Work closely with compliance and technology teams to ensure data privacy and security adherence.

Third-Party & Vendor Risk

- Implement frameworks for third-party security risk assessments.

- Ensure vendors and partners comply with information security standards and regulatory expectations.

Security Awareness

- Drive organization-wide cybersecurity awareness and training programs.

- Promote a security-conscious culture across teams.

Mandatory Requirements

- 7+ years of total experience in information security, cybersecurity, or IT risk management.

- Minimum 3+ years of experience in an NBFC or financial services organization.

- Hands-on experience implementing ISO 27001 / ISO 27000 series frameworks.

- Strong understanding of RBI cybersecurity and IT governance guidelines for NBFCs.

- Experience managing security risk assessments, audits, and regulatory compliance initiatives.

Preferred Qualifications

- Certifications such as CISSP, CISM, CISA, ISO 27001 Lead Implementer or Lead Auditor.

- Experience working with financial systems, digital lending platforms, or fintech environments.

- Familiarity with cloud security and enterprise cybersecurity frameworks.
