Job description:
Strategic Leadership:
- Develop and implement the enterprise-wide information security strategy, policies, and frameworks.
- Provide thought leadership on emerging cyber risks, threats, and technologies.
- Establish an enterprise security architecture aligned with business objectives.
- Represent information security at executive leadership meetings and board-level discussions.
Governance, Risk & Compliance (GRC):
- Ensure compliance with relevant regulations, standards, and frameworks (e.g., ISO 27001, NIST CSF, GDPR, PCI DSS).
- Lead risk assessments, security audits, and penetration testing programs.
- Develop incident response, disaster recovery, and business continuity plans.
- Oversee vendor risk management and third-party security due diligence.
Leadership & People Management:
- Build and lead a high-performing information security team, including SOC analysts, security engineers, and risk specialists.
- Define roles, responsibilities, and career development paths within the security function.
- Foster a culture of security awareness across the organization through training and communication.
- Collaborate with IT, Legal, Compliance, and Risk teams to integrate security into all business processes.
DevSecOps & Application Security:
- Integrated security into CI/CD pipelines with automated tools:
- SSO SAST (e.g., SonarQube)
- DAST (e.g., OWASP ZAP)
- Dependency scanning (e.g., Snyk)
- Conducting secure code reviews, threat modelling, and application pen tests.
- Leding developer security awareness programs and secure coding bootcamps.
Threat Intelligence & Vulnerability Management:
- Set up continuous vulnerability management workflows using the relevant VM tools.
- Consumed and actioned threat intelligence feeds (CTI) to proactively defend against APTs and fraud campaigns.
- Correlating TI with internal telemetry to identify emerging threats specific to fintech and digital banking.
Data Protection & Privacy:
- Implemented technical and organizational measures (TOMs) for India DPDP compliance.
- Overseeing DLP, data classification, and encryption policies across Pay10 cloud environment.
- Preparing to conduct DPIAs and privacy-by-design assessments for new fintech products.
- Initiation of RoPA activities to document all records with Pay10 environment.
Stakeholder & External Engagement:
- Serve as the primary point of contact for regulators, auditors, and external security partners.
- Engage with business leaders to balance security requirements with operational needs.
- Build strong relationships with law enforcement, cybersecurity forums, and industry associations.
Incident Response & Business Continuity:
- Own the Incident Response Plan (IRP) and ensure proper training, testing, and refinement.
- Lead investigations into data breaches or security incidents and coordinate responses.
- Support business continuity and disaster recovery (BC/DR) planning and exercises.
