
Key responsibilities
Information Security Governance
• Own the ISMS - strategy, policies, standards, and continuous improvement
• Chair the Information Security Committee; present quarterly to ITSC and RMCB
• Drive security adoption across technology and business functions
RBI Compliance & Regulatory
• Ensure compliance with RBI IT Governance Master Direction 2023, Digital Lending Directions 2025, DPDPA, and IT Act
• Manage cyber incident reporting to CERT-In and RBI; co-ordinate with IB-CART
• Support IS audits, regulatory reviews, and ACB reporting
ISO 27001 Implementation
• Lead end-to-end ISO 27001 certification - documentation, risk treatment, control implementation, internal audits
• Drive continuous improvement post-certification
Cybersecurity Operations
• Manage and monitor the Security Operations Centre (SOC)
• Oversee VA/PT programme across AWS production, Snowflake, LOS/LMS, and Lenovo Tab field infrastructure
• Own incident response and cyber resilience plans
Data Security & Privacy
• Enforce data classification, access controls, and privacy-by-design for customer data
• Demonstrable working knowledge of data minimisation, pseudonymisation, anonymisation, and privacy-by-design
Third-Party & Vendor Risk
• Drive security risk assessments for critical vendors
• Ensure vendor compliance with RBI IT Outsourcing Directions 2023
Security Awareness
• Build org-wide cybersecurity awareness, including field officer training for offline-first tablet infrastructure
• Embed a security-conscious culture across a distributed, rural-first workforce
Requirements
Education Qualifications
• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or related field
• Master's degree preferred
• Professional security certifications required: CISSP, CISM, ISO 27001 Lead Implementer / Lead Auditor
• Additional certifications valued: CISA, CEH, CRISC, CGEIT, Cloud Security
Experience
• 8-12 years total information security experience; 3+ years in a leadership or senior IC role (AVP/DVP level)
• Minimum 3 years in an NBFC, bank, or regulated financial services environment
• Hands-on ISO 27001 / ISO 27000 series implementation through to certification
• Deep understanding of RBI IT Governance, DPDPA, IRDAI, and IT Act compliance obligations
• Proven track record of building security programs from the ground up in high-growth organisations.
• Experience securing distributed operations, mobile-first platforms, and agent/franchise networks
• Comfort presenting to Board-level stakeholders and regulatory bodies
Technical Expertise
• Security frameworks: NIST, ISO 27001, CIS Controls
• Cloud security - AWS (primary), Azure, GCP
• Application security, API security, and secure SDLC
• Security tooling: SIEM, EDR, vulnerability management, penetration testing
• Authentication technologies, encryption, and cryptography
• Mobile application security (Android / iOS)
• Familiarity with fraud detection systems and ML for security
Job ID: 145418295