Deputy CISO

Key responsibilities Information Security Governance • Own the ISMS - strategy, policies, standards, and continuous improvement • Chair the Information Security Committee; present quarterly to ITSC and RMCB • Drive security adoption across technology and business functions RBI Compliance & Regulatory • Ensure compliance with RBI IT Governance Master Direction 2023, Digital Lending Directions 2025, DPDPA, and IT Act • Manage cyber incident reporting to CERT-In and RBI; co-ordinate with IB-CART • Support IS audits, regulatory reviews, and ACB reporting ISO 27001 Implementation • Lead end-to-end ISO 27001 certification - documentation, risk treatment, control implementation, internal audits• Drive continuous improvement post-certification Cybersecurity Operations • Manage and monitor the Security Operations Centre (SOC) • Oversee VA/PT programme across AWS production, Snowflake, LOS/LMS, and Lenovo Tab field infrastructure • Own incident response and cyber resilience plans Data Security & Privacy • Enforce data classification, access controls, and privacy-by-design for customer data • Demonstrable working knowledge of data minimisation, pseudonymisation, anonymisation, and privacy-by-design Third-Party & Vendor Risk • Drive security risk assessments for critical vendors • Ensure vendor compliance with RBI IT Outsourcing Directions 2023 Security Awareness • Build org-wide cybersecurity awareness, including field officer training for offline-first tablet infrastructure • Embed a security-conscious culture across a distributed, rural-first workforce Requirements Education Qualifications • Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or related field • Master's degree preferred • Professional security certifications required: CISSP, CISM, ISO 27001 Lead Implementer / Lead Auditor • Additional certifications valued: CISA, CEH, CRISC, CGEIT, Cloud Security Experience • 8-12 years total information security experience; 3+ years in a leadership or senior IC role (AVP/DVP level) • Minimum 3 years in an NBFC, bank, or regulated financial services environment • Hands-on ISO 27001 / ISO 27000 series implementation through to certification • Deep understanding of RBI IT Governance, DPDPA, IRDAI, and IT Act compliance obligations • Proven track record of building security programs from the ground up in high-growth organisations. • Experience securing distributed operations, mobile-first platforms, and agent/franchise networks • Comfort presenting to Board-level stakeholders and regulatory bodies Technical Expertise • Security frameworks: NIST, ISO 27001, CIS Controls • Cloud security - AWS (primary), Azure, GCP • Application security, API security, and secure SDLC • Security tooling: SIEM, EDR, vulnerability management, penetration testing • Authentication technologies, encryption, and cryptography • Mobile application security (Android / iOS) • Familiarity with fraud detection systems and ML for security

Apply Now