Regional Chief Information Security Officer (CISO)Confidential • Mumbai, India
Regional Chief Information Security Officer (CISO)
Confidential • Mumbai, India
28 days ago
Job descriptionEnsure compliance with applicable RBI expectations for payment system operators and PA / PG entities, including data localisation, digital payment security, outsourcing, incident reporting, and system audit requirements. Maintain an annual regulatory calendar; deliver all required filings, attestations, and audit artefacts on time. Serve as the primary security point of contact for regulatory queries, inspections and supervisory engagements. Partner with local Compliance to interpret new circulars and embed them into controls; collaborate with Group GRC to track compliance status and manage policy exceptions and dispensations. Define and maintain a 24×7 incident response capability in coordination with Group Security (people, playbooks, tooling, SLAs). Coordinate triage, contain / eradicate / recover, customer / merchant communications, RCA, corrective actions, and formal notifications to authorities when required. Track MTTD / MTTR / MTTRc and other resilience metrics, drive lessons-learned and continuous improvement across teams. Integrate crisis management and business continuity with Group reliance function; conduct appropriate tabletop exercises Act as the cybersecurity point of contract to lead communication with internal and external auditors. Plan and deliver the annual system audit and independent assessments, track issues to sustainable closure with control owners. Maintain audit-ready evidence repositories; partner with Group to run an audit readiness and inspection preparation program. Define and enhance Cybersecurity dashboard and management reporting Lead the India Cybersecurity & IT Steering Committee, ensuring prioritised remediation, funding, and accountable ownership. Collaborate with Group Security on a multi-year capability roadmap and measure maturity against a recognised model. Support the India resilience programme with Operational Resilience and Group Security Publish a security capability maturity plan for India, report progress to the Steering Committee and India Board. 100% on-time RBI / NPCI filings, attestations, and responses. Annual System Audit completed with 0 repeat findings; ≥95% of issues closed by agreed due dates (no > Policy alignment : India ISMS fully aligned to Group standards; 0 unmanaged policy exceptions (all have owners / expiries). Inspection outcomes : No supervisory penalties or adverse observations; all regulatory queries answered within 5 business days (or per notice). Change readiness : New circulars assessed and embedded with evidence within 60 days (risk-based). RTO / RPO met in ≥99% of BCP / DR tests for critical payment flows. 2 executive tabletop exercises / year (one regulator-style, one customer-impact scenario). 100% of critical vendors reviewed annually, medium risk on cycle. Contracts : Security clauses & right-to-audit in 100% of critical vendor contracts; exit / contingency plans documented. Issues : ≥90% vendor findings closed by due date; RBI outsourcing register current. Quarterly Board / Risk Committee packs delivered on schedule; top risks with trendlines and treatment plans. Risk posture : Reduction in Top-5 India risks severity or likelihood within 12 months; exception backlog reduced by ≥50% and all exceptions have time-bound dispensations. 12+ years in cyber security with 5+ years leading security for regulated financial services or payments in India. Comfortable engaging with boards, senior regulators, banks, and large enterprise merchants. Deep understanding of Indian payments ecosystems (e.g., UPI, cards, wallets) and the operating realities of PA / PGs. Proven track record engaging Boards, regulators, banks / card networks, and large enterprise merchants. Practical knowledge of RBI expectations for payment system operations and PA / PG entities Familiar with India data-localisation norms, outsourcing oversight, digital payment security controls, tokenisation, and system audit expectations. Experience preparing for and responding to regulatory inspections and audit queries; comfortable coordinating with CERT-In empanelled auditors. Excellent written and verbal communication; able to simplify complex risk. Willingness to travel for regulator and audit engagements (Mumbai) Clean regulatory record and high integrity. Clear, concise Board-level reporting and metrics; drives multi-year maturity roadmaps. Strong collaboration with Group Security, Group GRC, local Compliance, Operational Resilience, and Internal Audit Experience with UPI, card acquiring, wallets, or direct bank integrations. Exposure to SOC 2 / ISO attestations and customer security due-diligence cycles. Familiarity with fraud risk, behavioural analytics, and payments risk engines Bachelors in computer science / IT, Engineering or related field Relevant certifications : CISSP, CISM, CRISC, ISO / IEC 27001 / ISO 31000 risk management certification Lead Implementer / Lead Auditor, CCSP; plus role-relevant SANS GIAC (e.g., GCIH / GCIA / GMON). Cloud security certifications (e.g., AWS / Azure Security Specialty) and familiarity with PCI DSS (ISA / QSA exposure helpful). Equivalent risk credentials also welcome : IRM International Diploma / Certificate in Risk Management, ISACA, PMI-RMP
Boku Inc. (BOKU.L) is the leading global provider of local mobile-first payments solutions. Global brands including Amazon, DAZN, Meta, Google, Microsoft, Netflix, Sony, Spotify, and Tencent rely on Boku to reach millions of new paying consumers who do not use credit cards with our purpose-built payment network of more than 300 local payment methods across 70+ countries. Every year, Boku processes over $10 billion in value for our customers. Incorporated in 2008, Boku is headquartered in London and San Francisco and has employees in over 39 countries around the world, including Brazil, China, Estonia, Germany, Ireland, Japan, Singapore, and the UAE. Boku is a truly global company that takes pride in its diversity and thriving equal opportunity workplace.
Role Title : Regional Chief Information Security Officer (CISO)
Department : Security (India)
Reports to : MD, VP - Security and IT
Location : Mumbai (Hybrid)
Role Purpose
Lead and mature the India cybersecurity program for our alternative payment's platform—protecting customer data and transaction integrity, reducing operational and regulatory risk, and enabling compliant growth. The Regional CISO (India) partners closely with Group Security, Group GRC, local Compliance, and Operational Resilience (OpRes) to align policies and controls, uplift the India resilience programme, and drive the ongoing maturity of security capabilities
Key Responsibilities
Governance, Risk & Compliance (India)
- Establish and maintain a Board-approved information & cyber security policy and India risk appetite.
- Chair security governance forums; brief the India Board / Risk Committee quarterly on posture, incidents, and remediation status.
- Run security awareness programs, secure-by-design training for engineering, and executive tabletop exercises.
- Work in lockstep with Group Security and GRC to align policies, standards, control objectives, and risk taxonomies; coordinate with local Compliance to ensure country-specific obligations are embedded in the ISMS.
Regulatory compliance (India)
Incident response & reporting (India)
Audit, assurance & continuous improvement
Operational Resilience & Capability Maturity (India)
Measures of Success
Audit & Regulatory Compliance
90-day aged items).
Regulatory Engagement & Inspections
Operational Resilience & BCP / DR
Third-Party & Outsourcing Risk
Governance & Reporting
Key Skills And Competencies
Nice to Have
Qualifications
Skills Required
Cloud Security, Cybersecurity, Regulatory Compliance, Incident Response, Cissp, System Audit, Risk Management, crisc , Cism
Create a job alert for this search
Chief Information Security Officer • Mumbai, India
Related jobs
)
Sr. Security Engineer - Information Security
PINKVILLA • Mumbai Metropolitan Region, India
Pinkvilla is seeking a dynamic Information Security professional, who will contribute to strengthening our security posture by working closely with cross-functional teams, monitoring threats, secur...Show more
Last updated: 6 days ago • Promoted
Chief Operating Officer
Museum of Solutions • Mumbai Metropolitan Region, India
The Museum of Solutions (MuSo) is a vibrant, 7-floor experiential and interactive museum designed to spark joy, curiosity, and action in children ages 3+ (and their grown-ups).We believe children a...Show more
Last updated: 6 days ago • Promoted
SOC Manager
Network Intelligence • Mumbai, Maharashtra, India
The SOC Manager will lead and mature the Security Operations Center (SOC), overseeing threat monitoring, detection, incident response, and overall security operations.
This role requires strong lead...Show more
Last updated: 15 days ago • Promoted
Chief Information Officer
Neemtree • Mumbai
Description : Job Opportunity : The is a senior role which involves leading Fintech and get to work amongst the sharpest of minds in the bankin...Show more
Last updated: 11 days ago • Promoted
Deputy Global Infrastructure and Security Operations Leader
iMerit Technology • Mumbai, IN
Deputy Global Infrastructure and Security Operations Leader.Willing to relocate to Pune, Coimbatore, or Bengaluru, with international impact.
Hybrid / Remote with frequent travel to global time zones,...Show more
Last updated: 5 days ago • Promoted
Director Information Technology Infrastructure
Cheers Interactive • Navi Mumbai, Maharashtra, India
We are seeking an experienced and innovative Director-IT Infra to lead our IT Infrastructure and IT Security teams.The ideal candidate will drive the management and strategic oversight of on premis...Show more
Last updated: 30+ days ago • Promoted
Senior Manager - Information Security
NMS Consultant • Mumbai
Description : The Senior Manager Information Security will spearhead the development and execution of a comprehensive information security strateg...Show more
Last updated: 30+ days ago • Promoted
Chief Information Security Officer
Confidential • Mumbai, India
Chief Information Security Officer (CISO).The CISO will define and execute the.The role involves reporting to the.Board and executive leadership.
ISO 27001, NIST, GDPR, and PCI-DSS.The candidate sho...Show more
Last updated: 28 days ago • Promoted
Vastu Housing Finance - Chief Information Security Officer
Vastu Housing Finance • Mumbai, India
Chief Information Security Officer Vastu Housing Finance Vastu Housing Finance Corporation Ltd.Headquartered in Mumbai, Vastu provides tailored home loan solutions to individua...Show more
Last updated: 9 days ago • Promoted
Lead - Information Security Audit
Alpha Orion • Mumbai, India
Lead IS Audit Job description The primary objective of Technology audits includes : - Ensure IT systems and...Show more
Last updated: 30+ days ago • Promoted
Natobotics - Vice President - SOC Manager
Natobotics • Mumbai, India
Role & Responsibilities : We are seeking an experienced and proactive SOC Manager to lead our 24x7 Global SOC team.The ideal candidate will be responsible for managing secu...Show more
Last updated: 30+ days ago • Promoted
Manager - Information Security
Hipos Consulting Services LLP • Mumbai
About : - Master's or bachelor's degree in information technology / Information Security / Computer Science, or a related field.
Information Security, specifically in ...Show more
Last updated: 30+ days ago • Promoted
Information Security Manager
Ajanta Pharma Ltd • Mumbai, Maharashtra, India
Senior Manager – Information Security.The Senior Manager – Information Security will spearhead the development and execution of a comprehensive information security strategy that supports the organ...Show more
Last updated: 24 days ago • Promoted
Information Technology Risk Manager
National Payments Corporation Of India (NPCI) • Mumbai, Maharashtra, India
We are looking for Operational IT Risk professional who have good experience into IT Risk.Mode of Operation : work from office.
Education : Engineering Background (BE / BTech into computer or equivalent...Show more
Last updated: 9 days ago • Promoted
Information Security / ITGC Audit
Digihelic Solutions Private Limited • Mumbai, India
Conduct IT General Controls (ITGC) and Information Security audits.Review compliance with ISO 27001, SOC, and IT security standards.
Evaluate access controls, change management, and incident respons...Show more
Last updated: 30+ days ago • Promoted
Senior IT Infrastructure Professional - CISA / CISM / CISSP
Employee Forums • Mumbai
Description : We are seeking an experienced Senior IT Infrastructure Professional to lead, scale, and secure our techno...Show more
Last updated: 25 days ago • Promoted
Chief Information Security Officer
Career Stone Consultant • Mumbai, India
The job purpose is to lead and implement comprehensive cybersecurity and information security.Responsible for data privacy protection, infrastructure security, vendor management, and fostering a.Se...Show more
Last updated: 15 days ago • Promoted
Chief Security Officer
Remal • Mumbai Metropolitan Region, India
Develop, implement, and enforce security SOP to safeguard employees, vehicles and visitors.Identify potential security threats and take preventive measures to minimize risks.Oversee entry and exit ...Show more
Last updated: 6 days ago • Promoted