Director of Cyber Security

About Qapita

Unlocking the Power of Ownership Qapita is an equity management platform with offices in Singapore, India, and Indonesia. We partner with progressive enterprises to help them seed, build, harness, and eventually Unlock the Power of Ownership for their stakeholders. Our economy and its future is defined by innovation. Fueling this innovation is human capital, which has become far more powerful as ownership gets democratized and professionals become owners; as founders, as investors, and also as employees. Ownership is important. Ownership creates alignment. It also drives compounding, exponential returns. There's no true equity without equity. Our software solution streamlines the equity management process around Cap Tables, ESOPs, and transactions; Qapita Marketplace facilitates liquidity to ESOP holders and shareholders via structured buyback programs and secondary transactions. We are founded by three experienced cofounders, each with over twenty years of track record in investment banking, corporate venture capital, and technology sectors; and backed by East Ventures, Vulcan Capital, Nyca Partners, MassMutual Ventures, Endiya Partners, Citi, Alto Partners, and numerous marquee angel investors

About the Role

Experience: 8+ years in Information Security, with at least 2+ years in a leadership role within a FinTech or B2B SaaS environment.

Responsibilities

Strategy & Governance (GRC)

• Enterprise Security Strategy: Define and execute a roadmap that aligns security initiatives with business objectives, presenting risk profiles to the Board and CXOs.
• Regulatory Compliance: Ensure 100% compliance with RBI Master Directions, PCI-DSS, and DPDP Act 2023.
• SaaS Certifications: Lead and maintain SOC 1 & SOC 2 (Type II) and ISO 27001 audits to support enterprise sales cycles and build customer trust.
• Vendor Risk Management: Oversee third-party risk assessments and supply chain security for all partners and vendors.
• Lead customer security due diligence, RFP responses, and enterprise security assurance programs to accelerate sales cycles.

Product & Application Security (AppSec)

• DevSecOps Integration: Embed security into the CI/CD pipeline, ensuring secure SDLC practices that reduce deployment risk and accelerate delivery.
• Vulnerability Management: Manage end-to-end VAPT programs, including SAST/DAST code scans, bug bounty programs, and manual penetration testing.
• API & Cloud Security: Architect secure frameworks for our Cloud Infrastructure (AWS/Azure) and APIs, ensuring robust defense against modern web threats. Lead cloud security governance, including CSPM, container/Kubernetes security, and Infrastructure-as-Code (IaC) security controls.

Security Operations (SecOps) & Incident Response

• SOC Leadership: Direct 24/7 Security Operations, overseeing SIEM, DLP, WAF, and Endpoint Detection & Response (EDR) to ensure rapid threat detection.
• Incident Response: Lead the Incident Response Team (IRT); conduct tabletop drills, red-team exercises, and forensic investigations to minimize mean time to resolution (MTTR).
• Identity & Access: Oversee PAM (Privileged Access Management) and Zero Trust implementations.

Culture & Team Building

• Security Culture: Champion cybersecurity awareness programs across the organization to build a human firewall.
• Team Leadership: Mentor and scale a high-performing InfoSec team, fostering a culture of continuous learning and proactive defense.

Qualifications

Compliance Expertise: Deep knowledge of RBI Guidelines (Digital Payment Security), PCI-DSS, and ISO 27001 is non-negotiable. Experience with SOC 2 is highly preferred.

Required Skills

Technical Proficiency: Hands-on experience with Cloud Security (AWS/Azure), Network Security Architecture, and DevSecOps workflows.

Preferred Skills

Operational Excellence: Proven track record of setting up or managing a SOC, including experience with SIEM, EDR, and WAF tools.

Pay range and compensation package

Not specified in the job description.