TMI Network

Chief Information Security Officer

12-14 Years

This job is no longer accepting applications

  • Posted a month ago

Job Description

Required Qualifications:

Education:

  • Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or related field (Master's degree preferred)
  • Professional security certifications required: CISSP, CISM, or equivalent
  • Additional certifications valued: CISA, CEH, CGEIT, CRISC, or cloud security certifications

Experience:

  • 12+ years of progressive experience in information security, with at least 5 years in leadership roles
  • Experience in financial services, fintech, or NBFC environment strongly preferred
  • Proven track record of building security programs from the ground up in high-growth organizations
  • Experience securing distributed operations, mobile-first platforms, and franchise/agent networks
  • Deep understanding of the Indian regulatory landscape (RBI, IRDAI, DPDPA, IT Act)
  • Experience working with board-level stakeholders and presenting to executive leadership

Technical Expertise:

  • Deep knowledge of security frameworks (NIST, ISO 27001, CIS Controls)
  • Expertise in cloud security (AWS, Azure, GCP)
  • Strong understanding of application security, API security, and secure SDLC
  • Experience with security tools: SIEM, EDR, vulnerability management, penetration testing
  • Knowledge of authentication technologies, encryption, and cryptography
  • Understanding of mobile application security (Android, iOS)
  • Familiarity with fraud detection systems and machine learning for security
  • Demonstrable working knowledge of data privacy principles and data protection techniques including data minimization, pseudonymization, anonymization, and privacy by design

Domain Knowledge:

  • Knowledge of digital lending regulations and RBI guidelines
  • Awareness of rural market dynamics and challenges of serving distributed populations is a plus
  • Understanding of insurance distribution and regulatory requirements

Job Description:

Key Responsibilities:

Strategic Leadership & Governance:

  • Develop and execute a comprehensive information security strategy aligned with business objectives and growth trajectory
  • Establish and maintain an enterprise-wide information security governance framework, policies, standards, and procedures
  • Build and lead a security vertical capable of supporting our distributed operations across 38,000+ villages
  • Serve as the primary security advisor to the CEO, Board of Directors, and senior leadership team
  • Own the security budget and ensure optimal resource allocation for maximum risk reduction

Risk Management & Compliance:

  • Design and implement a robust risk management framework for identifying, assessing, and mitigating information security risks
  • Ensure compliance with RBI cybersecurity guidelines for NBFCs and digital lending regulations
  • Maintain compliance with IRDAI requirements for insurance distribution and data protection
  • Oversee compliance with IT Act 2000, Digital Personal Data Protection Act (DPDPA) 2023, and other relevant Indian regulations
  • Manage third-party security assessments, audits, and certifications (ISO 27001, SOC 2, etc.)
  • Conduct regular security risk assessments and present findings to senior management and the board

Security Architecture & Operations:

  • Design secure technology architecture for our digital lending platform, mobile applications, and franchise management systems
  • Implement and oversee security operations center (SOC) capabilities including monitoring, incident detection, and response
  • Establish robust identity and access management (IAM) frameworks for employees, franchise partners, and customers
  • Secure our data infrastructure including customer KYC data, financial records, and transaction information
  • Implement data loss prevention (DLP), encryption, and data classification programs
  • Secure API integrations with banking partners, insurance providers, and other third-party systems

Fraud Prevention & Detection:

  • Develop and implement comprehensive fraud detection and prevention strategies for lending and insurance operations
  • Establish controls to prevent identity theft, application fraud, and account takeover across our digital channels
  • Implement transaction monitoring and anomaly detection systems
  • Work closely with risk and operations teams to balance security controls with customer experience
  • Build fraud awareness programs for our Branches and franchise network

Incident Response & Business Continuity:

  • Develop and maintain incident response plans, procedures, and playbooks
  • Lead security incident response efforts and coordinate with relevant stakeholders
  • Establish business continuity and disaster recovery plans for critical systems
  • Conduct regular tabletop exercises and security drills
  • Manage communication protocols for security incidents including customer notification and regulatory reporting

Security for Distributed Operations:

  • Design security frameworks for our 170+ Branches
  • Secure mobile-first and offline-capable systems used in rural areas with limited connectivity
  • Implement secure authentication and authorization for franchise partners accessing customer data
  • Develop security training programs for franchise partners and field staff
  • Ensure secure device management for tablets used in rural operations

Vendor & Third-Party Risk Management:

  • Establish vendor security assessment and ongoing monitoring programs
  • Manage security requirements for partnerships with banks, insurance companies, and technology providers
  • Conduct security due diligence for new vendor relationships and integrations
  • Ensure contractual security obligations are met by all third parties

Security Awareness & Culture:

  • Build a security-first culture across the organization
  • Develop and deliver comprehensive security awareness training programs
  • Conduct regular phishing simulations and security awareness campaigns
  • Create a security champions program across different business units
  • Ensure security training is culturally appropriate for our diverse workforce including rural franchise partners

About the Company:

Our client is India's first household-centric, data-led, high-tech, high-touch distribution platform to meet the growing aspirations of rural India with a bouquet of financial and productivity-enhancing offerings. Our client views rural households as cohesive economic units with strong and diversified community dynamics. This approach de-risks the household through better forward visibility and engagement with respect to household cash flows and income/asset creation. Our client's unique distribution platform leverages technology and data to empower a highly nimble on-ground presence. The platform leverages the company's location selection criteria, critical field-based market insights, micro-segmentation of households, and proprietary underwriting algorithms that factor in the frequency, variability, and resilience of incomes at household levels.


Job ID: 142732599
