Head of Information Security

Key Responsibilities :

Strategic Leadership

Develop and implement the enterprise-wide information security strategy, policies, and frameworks.

Provide thought leadership on emerging cyber risks, threats, and technologies.

Establish an enterprise security architecture aligned with business objectives.

Represent information security at executive leadership meetings and board-level discussions.

Governance, Risk & Compliance (GRC)

Ensure compliance with relevant regulations, standards, and frameworks (e.g., ISO 27001, NIST CSF, GDPR, PCI DSS).

Lead risk assessments, security audits, and penetration testing programs.

Develop incident response, disaster recovery, and business continuity plans.

Oversee vendor risk management and third-party security due diligence.

Leadership & People Management

Build and lead a high-performing information security team, including SOC analysts, security engineers, and risk specialists.

Define roles, responsibilities, and career development paths within the security function.

Foster a culture of security awareness across the organization through training and communication.

Collaborate with IT, Legal, Compliance, and Risk teams to integrate security into all business processes.

DevSecOps & Application Security

Integrated security into CI / CD pipelines with automated tools :

SSO SAST (e.g., SonarQube)

DAST (e.g., OWASP ZAP)

Dependency scanning (e.g., Snyk)

Conducting secure code reviews, threat modelling, and application pen tests.

Leding developer security awareness programs and secure coding bootcamps.

Threat Intelligence & Vulnerability Management

Set up continuous vulnerability management workflows using the relevant VM tools.

Consumed and actioned threat intelligence feeds (CTI) to proactively defend against APTs and fraud campaigns.

Correlating TI with internal telemetry to identify emerging threats specific to fintech and digital banking.

Data Protection & Privacy

Implemented technical and organizational measures (TOMs) for India DPDP compliance.

Overseeing DLP, data classification, and encryption policies across Pay10 cloud environment.

Preparing to conduct DPIAs and privacy-by-design assessments for new fintech products.

Initiation of RoPA activities to document all records with Pay10 environment.

Stakeholder & External Engagement

Serve as the primary point of contact for regulators, auditors, and external security partners.

Engage with business leaders to balance security requirements with operational needs.

Build strong relationships with law enforcement, cybersecurity forums, and industry associations.

Incident Response & Business Continuity

Own the Incident Response Plan (IRP) and ensure proper training, testing, and refinement.

Lead investigations into data breaches or security incidents and coordinate responses.

Support business continuity and disaster recovery (BC / DR) planning and exercises.

Required Qualifications

Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or a related field.

12+ years of experience in cybersecurity.

Proven experience in Financial services, FinTech, or other regulated environments.

Skills & Competencies

Good understanding of security and privacy frameworks : NIST CSF, ISO 27001, SOC 2, PCI-DSS, OWASP Top 10, etc.

Knowledge of fintech regulatory landscape under RBI.

Experience in AWS security controls.

Experience with application security in cloud-native environments.

Familiarity with common FinTech architectures : microservices, APIs, mobile apps, open banking (e.g., PSD2).

Strong communication and stakeholder management skills.

Ability to translate technical risk into business language for executives and stakeholders.