Director - Information Security

Roles & Responsibilities :

- Ensure effective functioning of the Information Security function - managing policies & procedures, hardening of infrastructure and SDLC processes

- Develop and maintain an information security strategy and roadmap aligned with organizational goals and industry best practices. Manage the Information Security Annual Operating Plan and budget and ensure adequate resources are allocated to support the function

- Drive external regulatory compliances and audits

- Drive adherence to Advisories, Circulars, Cert-In compliance and audits conducted by RBI.

- Develop and manage the security incident response plan and ensure it is regularly tested and updated

- Conduct regular risk assessments and vulnerability assessments to identify potential security risks, and develop and execute plans to mitigate these risks.

- Collaborate with other functional areas of the organization, including legal, engineering, IT and operations, to ensure that security requirements are integrated into business processes and systems

- Drive support for GTM teams in sales lifecycles and craft a narrative to convert opportunities into a win

- Build and own relationships with CISO teams with partner banks and NBFCs.

- Serve as a subject matter expert on information security matters and provide guidance and recommendations to senior management and other stakeholders

Skills :

- A good working knowledge of Information Security including ISO 27001/PCI-DSS and related Information Security Management Experience / Certification in review/audit or implementation of security architectures.

- Knowledge of GDPR, DPDPA, their business implications and the merits of various technical approaches.

- Knowledge of Data Centre, cloud architecture (AWS preferred), endpoint management and security technologies (SIEM, DLP etc.).

- Exposure to Security Governance Standards, Business Continuity Planning, Enterprise Risk Management, Information security incident Response, and security compliance audits

- Strong understanding of Information Security including threats, attacks, and vulnerability management

- Understanding of Zero Trust concepts and architectures

- Understanding of privacy by design

- Deep expertise in Microservices, CI/CD builds, DevOps, Infrastructure-as-Code, Test-Driven Development (TDD), DevSecOps, and similar solutions & methodologies

- Ability to articulate complex technology & risk management concepts to senior executives clearly and accurately portraying real risks and threats to the organization

- Exposure to Platform Security, Data Security, Network Security, Cloud Security, Physical Security, Security Assessment Tools including SAST, DAST, and SCA, Security Monitoring Tools, and Managed Security Services

- Excellent verbal and written communication skills, including the ability to explain technical contractual aspects to associates both technical and non-technical

- Ability to build, configure, test and implement Cyber Security solutions

- Ability to consistently execute against tight deadlines with incomplete or ambiguous information in rapidly changing environments around data protection and privacy.

]- Prior experience in managing RBI and bank audits

Mandatory :

- Experience working in a fast-paced B2B startup environment with an engineering team that has seen scale e.g. 5x-10x growth

- Prior experience in running or managing a SOC

- Prior experience with global compliances across US, EU and UAE.

Preferred Certifications:

- CISSP

- CCSP

- CISM