INTRODUCTION
We are looking for a seasoned Information Security Lead to drive cybersecurity initiatives and ensure robust protection of our IT infrastructure, applications and end-user environments in a regulated NBFC. The ideal candidate will possess deep expertise in cyber risk management, regulatory compliance, and infrastructure, application, end-user security, and will play a critical role in safeguarding sensitive financial data and systems being used by Financial Services Organization India with a primary focus on the run time support.
Role Description
The person we are looking for should have 10+ years of experience cybersecurity and IT infrastructure, preferably in BFSI/NBFC/Financial Services. Strong understanding of RBI cybersecurity guidelines and financial sector compliance. Hands-on experience with security technologies (SIEM, firewalls, endpoint protection, cloud security). Certifications such as CISSP, CISM, CEH, or equivalent are highly preferred.
Key Responsibilities
Cybersecurity Strategy & Operations :
- Develop and implement a comprehensive cybersecurity framework aligned with RBI guidelines and industry best practices.
- Lead threat intelligence, monitoring, and incident response activities.
- Manage security operations including SIEM (zero trust network protocol ZTNA), endpoint protection, DLP, and vulnerability management.
- Conduct regular penetration testing and security audits. (Continuous red teaming/ purple teaming assessment and red teaming exercise)
IT Infrastructure Security
- Collaborate with infrastructure teams to secure networks, servers, cloud platforms, and endpoints.
- Ensure secure configuration and hardening of systems across on-prem and cloud environments.
- Oversee firewall policies, VPNs, IDS/IPS, and access control mechanisms.
- Support secure architecture design for core NBFC applications and platforms.
Application Security
- Integrate security into the software development lifecycle (SDLC) and DevSecOps practices.
- Conduct code reviews, static/dynamic analysis, and application vulnerability assessments.
- Collaborate with development teams to remediate security flaws and enforce secure coding standards.
- Implement and manage Web Application Firewalls (WAF) and API security controls.
End User Security
- Define and enforce endpoint security policies including antivirus, patching, and device control.
- Implement Identity & Access Management (IAM), Multi-Factor Authentication (MFA), and role based access controls.
- Lead security awareness and training programs for employees to reduce human risk factors.
- Monitor and respond to phishing, social engineering, and insider threat activities.
Governance, Risk & Compliance (GRC)
- Ensure compliance with RBI cybersecurity guidelines, ISO 27001, NIST, and other relevant standards.
- Maintain and update security policies, procedures, and documentation.
- Conduct risk assessments and implement mitigation plans.
- Liaise with auditors and regulators during inspections and reviews.
Leadership & Collaboration
- Lead cross-functional security initiatives and awareness programs.
- Act as a trusted advisor to senior management on cyber risks and mitigation strategies.
- Manage vendor relationships for security tools and services.
- Mentor junior security and infrastructure team members.
Preferred Skills
- Experience with cloud platforms (AWS, Azure) and hybrid environments.
- Familiarity with DevSecOps and secure SDLC practices.
- Strong analytical, communication, and stakeholder management skills.
- Ability to manage multiple priorities in a regulated, high-risk environment.
- Manages coordination at a local and international level where required
- Occasionally if needed, prepares maintenance plans and upgrading schedules for the applications
- Develops dashboards and reports for business and D & IT teams
Candidate Profile
- Bachelor's or master's degree in information security, Computer Science, or related field.
- 5+ years of experience in cybersecurity and IT infrastructure, preferably in BFSI/NBFC.
- Strong understanding of RBI cybersecurity guidelines and financial sector compliance.
- Hands-on experience with security technologies (SIEM, firewalls, endpoint protection, cloud security).
- Certifications such as CISSP, CISM, CEH, or equivalent are highly preferred.
- Knowledge on ITIL Framework and experience in Service Transition and Service Operations IT Service Lifecycle.
- Experience in handling large projects, especially financial critical applications would be an advantage.
- Familiar with Automotive Captive Finance Business and has experience of financial service application systems development or support.
- Flexible to support on weekends, holidays, and late evenings as per business needs especially on month-ends.
- Excellent communication skills in English
- Knowledge on Cloud Technologies and hands on experience in Azure, AWS and hybrid environments.
- Knowledge on Microsoft Power BI, Power Automation tools.
(ref:iimjobs.com)
