Role Overview
We are seeking an Information Security Officer to lead and strengthen the information security framework of our NBFC / digital lending business. This role will be responsible for protecting customer, lending, and operational data across applications, infrastructure, employee access, and third-party integrations.
The ideal candidate should be able to combine security governance, audit readiness, risk control, and hands-on execution in a fast-moving lending environment.
Key Responsibilities
- Develop, implement, and maintain information security policies, controls, SOPs, and governance standards.
- Protect sensitive customer and business data, including KYC documents, financial data, bureau data, underwriting data, repayment data, and internal operational information.
- Work closely with engineering and product teams to improve security across mobile apps, web platforms, APIs, admin panels, LOS/LMS, and internal systems.
- Oversee cloud, server, database, endpoint, network, backup, logging, MFA, and privileged access security controls.
- Conduct vulnerability assessments, risk reviews, access reviews, and control testing; maintain a security risk register and track remediation.
- Lead incident response for cyber events, data leakage, unauthorized access, phishing, malware, and vendor-related security issues.
- Conduct security due diligence and ongoing reviews for third-party vendors including KYC partners, bureau partners, payment providers, collections agencies, SaaS tools, and outsourced service providers.
- Support internal audits, partner due diligence, and regulatory reviews by maintaining policies, evidence, trackers, and remediation status.
- Strengthen employee access controls, segregation of duties, maker-checker controls, and exit/offboarding discipline.
- Conduct security awareness programs for employees, especially high-risk teams such as collections, customer support, finance, operations, and technology.
- Provide regular MIS and dashboards to management on incidents, vulnerabilities, audit findings, vendor risks, and control gaps.
Desired Candidate Profile
- 5–10 years of experience in information security, cybersecurity, IT risk, or security governance.
- Prior experience in NBFC, fintech, lending, banking, payments, or regulated financial services preferred.
- Strong understanding of application security, API security, cloud security, access management, data protection, vulnerability management, incident response, and third-party risk.
- Familiarity with lending lifecycle risks across onboarding, KYC, underwriting, disbursal, repayment, collections, and partner integrations.
- Strong documentation, audit handling, stakeholder coordination, and execution skills.
- Relevant certifications such as CISSP, CISM, ISO 27001, CEH, or Security+ are preferred.
Key Success Metrics
- Reduction in critical and high-risk vulnerabilities
- Timely closure of audit and security findings
- Strong access control and review discipline
- Faster incident detection and response
- Improved vendor security coverage
- Stronger protection of customer and lending data