Talent.com
Regional Chief Information Security Officer (CISO)

Regional Chief Information Security Officer (CISO)

ConfidentialMumbai, India
5 days ago
Job description

Boku Inc. (BOKU.L) is the leading global provider of local mobile-first payments solutions. Global brands including Amazon, DAZN, Meta, Google, Microsoft, Netflix, Sony, Spotify, and Tencent rely on Boku to reach millions of new paying consumers who do not use credit cards with our purpose-built payment network of more than 300 local payment methods across 70+ countries. Every year, Boku processes over $10 billion in value for our customers. Incorporated in 2008, Boku is headquartered in London and San Francisco and has employees in over 39 countries around the world, including Brazil, China, Estonia, Germany, Ireland, Japan, Singapore, and the UAE. Boku is a truly global company that takes pride in its diversity and thriving equal opportunity workplace.

Role Title : Regional Chief Information Security Officer (CISO)

Department : Security (India)

Reports to : MD, VP - Security and IT

Role Purpose

Lead and mature the India cybersecurity program for our alternative payment's platform—protecting customer data and transaction integrity, reducing operational and regulatory risk, and enabling compliant growth. The Regional CISO (India) partners closely with Group Security, Group GRC, local Compliance, and Operational Resilience (OpRes) to align policies and controls, uplift the India resilience programme, and drive the ongoing maturity of security capabilities

Key Responsibilities

Governance, Risk & Compliance (India)

  • Establish and maintain a Board-approved information & cyber security policy and India risk appetite.
  • Chair security governance forums; brief the India Board / Risk Committee quarterly on posture, incidents, and remediation status.
  • Run security awareness programs, secure-by-design training for engineering, and executive tabletop exercises.
  • Work in lockstep with Group Security and GRC to align policies, standards, control objectives, and risk taxonomies; coordinate with local Compliance to ensure country-specific obligations are embedded in the ISMS.

Regulatory compliance (India)

  • Ensure compliance with applicable RBI expectations for payment system operators and PA / PG entities, including data localisation, digital payment security, outsourcing, incident reporting, and system audit requirements.
  • Maintain an annual regulatory calendar; deliver all required filings, attestations, and audit artefacts on time.
  • Serve as the primary security point of contact for regulatory queries, inspections and supervisory engagements.
  • Partner with local Compliance to interpret new circulars and embed them into controls; collaborate with Group GRC to track compliance status and manage policy exceptions and dispensations.

    • Incident response & reporting (India)

  • Define and maintain a 24×7 incident response capability in coordination with Group Security (people, playbooks, tooling, SLAs).
  • Coordinate triage, contain / eradicate / recover, customer / merchant communications, RCA, corrective actions, and formal notifications to authorities when required.
  • Track MTTD / MTTR / MTTRc and other resilience metrics, drive lessons-learned and continuous improvement across teams.
  • Integrate crisis management and business continuity with Group reliance function; conduct appropriate tabletop exercises

    • Audit, assurance & continuous improvement

  • Act as the cybersecurity point of contract to lead communication with internal and external auditors.
  • Plan and deliver the annual system audit and independent assessments, track issues to sustainable closure with control owners.
  • Maintain audit-ready evidence repositories; partner with Group to run an audit readiness and inspection preparation program.
  • Define and enhance Cybersecurity dashboard and management reporting
  • Lead the India Cybersecurity & IT Steering Committee, ensuring prioritised remediation, funding, and accountable ownership.
  • Collaborate with Group Security on a multi-year capability roadmap and measure maturity against a recognised model.

    • Operational Resilience & Capability Maturity (India)

  • Support the India resilience programme with Operational Resilience and Group Security
  • Publish a security capability maturity plan for India, report progress to the Steering Committee and India Board.

    • Measures of Success

    Audit & Regulatory Compliance

  • 100% on-time RBI / NPCI filings, attestations, and responses.
  • Annual System Audit completed with 0 repeat findings; 95% of issues closed by agreed due dates (no >

    • 90-day aged items).

  • Policy alignment : India ISMS fully aligned to Group standards; 0 unmanaged policy exceptions (all have owners / expiries).

    • Regulatory Engagement & Inspections

  • Inspection outcomes : No supervisory penalties or adverse observations; all regulatory queries answered within 5 business days (or per notice).
  • Change readiness : New circulars assessed and embedded with evidence within 60 days (risk-based).

    • Operational Resilience & BCP / DR

  • RTO / RPO met in 99% of BCP / DR tests for critical payment flows.
  • 2 executive tabletop exercises / year (one regulator-style, one customer-impact scenario).

    • Third-Party & Outsourcing Risk

  • 100% of critical vendors reviewed annually, medium risk on cycle.
  • Contracts : Security clauses & right-to-audit in 100% of critical vendor contracts; exit / contingency plans documented.
  • Issues : 90% vendor findings closed by due date; RBI outsourcing register current.

    • Governance & Reporting

  • Quarterly Board / Risk Committee packs delivered on schedule; top risks with trendlines and treatment plans.
  • Risk posture : Reduction in Top-5 India risks severity or likelihood within 12 months; exception backlog reduced by 50% and all exceptions have time-bound dispensations.

    • Key Skills And Competencies

  • 12+ years in cyber security with 5+ years leading security for regulated financial services or payments in India.
  • Comfortable engaging with boards, senior regulators, banks, and large enterprise merchants.
  • Deep understanding of Indian payments ecosystems (e.g., UPI, cards, wallets) and the operating realities of PA / PGs.
  • Proven track record engaging Boards, regulators, banks / card networks, and large enterprise merchants.
  • Practical knowledge of RBI expectations for payment system operations and PA / PG entities
  • Familiar with India data-localisation norms, outsourcing oversight, digital payment security controls, tokenisation, and system audit expectations.
  • Experience preparing for and responding to regulatory inspections and audit queries; comfortable coordinating with CERT-In empanelled auditors.
  • Excellent written and verbal communication; able to simplify complex risk.
  • Willingness to travel for regulator and audit engagements (Mumbai)
  • Clean regulatory record and high integrity.
  • Clear, concise Board-level reporting and metrics; drives multi-year maturity roadmaps.
  • Strong collaboration with Group Security, Group GRC, local Compliance, Operational Resilience, and Internal Audit

    • Nice to Have

  • Experience with UPI, card acquiring, wallets, or direct bank integrations.
  • Exposure to SOC 2 / ISO attestations and customer security due-diligence cycles.
  • Familiarity with fraud risk, behavioural analytics, and payments risk engines

    • Qualifications

  • Bachelors in computer science / IT, Engineering or related field
  • Relevant certifications : CISSP, CISM, CRISC, ISO / IEC 27001 / ISO 31000 risk management certification Lead Implementer / Lead Auditor, CCSP; plus role-relevant SANS GIAC (e.g., GCIH / GCIA / GMON).
  • Cloud security certifications (e.g., AWS / Azure Security Specialty) and familiarity with PCI DSS (ISA / QSA exposure helpful).
  • Equivalent risk credentials also welcome : IRM International Diploma / Certificate in Risk Management, ISACA, PMI-RMP

    • Skills Required

    Regulatory Compliance, Risk Management, Security Governance, Incident Response, Cybersecurity, Cloud Security, Pci Dss

    Create a job alert for this search

    Chief Information Security Officer • Mumbai, India

    Related jobs
    • Promoted
    Information Technology Operations Manager

    Information Technology Operations Manager

    TransFiThane, IN
    TransFi powers the world’s payments, helping businesses and individuals access better ways to move money.Combining industry-leading coverage of currencies and payment methods, we deliver compliant ...Show moreLast updated: 1 day ago
    • Promoted
    Chief Information Security Officer

    Chief Information Security Officer

    Adani Electricitymumbai, maharashtra, in
    AEML powers one of India’s largest metropolitan areas, making cybersecurity a mission-critical function.This role safeguards the smart grid infrastructure, customer data, and digital control system...Show moreLast updated: 1 day ago
    • Promoted
    Manager - TPRM & ISO Information Security

    Manager - TPRM & ISO Information Security

    ConfidentialMumbai, Navi Mumbai
    Conduct third-party / vendor risk assessments.Monitor & manage third-party risk throughout the vendor lifecycle.Implement & maintain the ISO 27001aligned ISMS. Experience in TPRM, vendor risk, informa...Show moreLast updated: 30+ days ago
    • Promoted
    SOC Head

    SOC Head

    ConfidentialNavi Mumbai, Mumbai, India
    Responsible for managing the end-to-end operations and strategic evolution of our Security Operations Centre (SOC), Threat Hunting & Incident Response, Threat Intelligence, Digital Forensics, and S...Show moreLast updated: 5 days ago
    • Promoted
    Lead Network & Security Engineer (Hyperscalers – OCI / GCP)

    Lead Network & Security Engineer (Hyperscalers – OCI / GCP)

    Cloud4C Servicesdombivli, maharashtra, in
    Gartner’s Magic Quadrant (2021), is a leading automation-driven Cloud Managed Services Provider (MSP).We specialize in multi-cloud migration, management, and disaster recovery with zero data loss g...Show moreLast updated: 15 days ago
    • Promoted
    • New!
    Information Security Manager

    Information Security Manager

    GGVmumbai city, India
    The Information Security Lead will lead the enterprise security compliance agenda, ensuring full alignment with evolving regulatory frameworks such as. ISO 27001, DPDP Act, CERT-IN, ITGC, and ISO / IE...Show moreLast updated: 12 hours ago
    • Promoted
    Chief Information Security Officer

    Chief Information Security Officer

    XL Advisorsmumbai, maharashtra, in
    Chief Information Security Officer (CISO).The CISO will define and execute the.The role involves reporting to the.Board and executive leadership. ISO 27001, NIST, GDPR, and PCI-DSS.The candidate sho...Show moreLast updated: 21 days ago
    • Promoted
    • New!
    Vice President – Racetrack Infrastructure & Project Development

    Vice President – Racetrack Infrastructure & Project Development

    HouzeofJindalThane, IN
    Vice President – Infrastructure.Projects / Infrastructure Development.Infrastructure Development (Racetrack, Highways & Specialized Projects). We are seeking a visionary and accomplished professiona...Show moreLast updated: 15 hours ago
    • Promoted
    Information Security Analyst- Urgent-Thane

    Information Security Analyst- Urgent-Thane

    Aditya Birla Groupthane, maharashtra, in
    Job Description – Information Security Analyst (Defensive Security).Thane, Maharashtra, India (On-site).Job Description – Senior Information Security Analyst (SOC Function).Senior Information Secur...Show moreLast updated: 30+ days ago
    • Promoted
    Chief Information Security Officer

    Chief Information Security Officer

    LIGHTFOREST TECHNOLOGIES LLPThane, India
    Job Opening : Chief Information Security Officer (CISO) Location : Thane Employment Type : Full-Time | Senior ...Show moreLast updated: 30+ days ago
    • Promoted
    Chief Information Security Officer

    Chief Information Security Officer

    ConfidentialMumbai
    Strategic Direction & Policy Framework : .Define, develop, and maintain a business-aligned Information and Cybersecurity strategy. Establish and embed an Information Security Policy Framework that com...Show moreLast updated: 30+ days ago
    • Promoted
    Head of Information Security

    Head of Information Security

    Cube Consultancy ServicesMumbai, IN
    We are seeking a highly skilled and adaptable business analyst who focuses on technology and B2B distribution.This role involves working closely with both internal development teams and external cl...Show moreLast updated: 1 day ago
    • Promoted
    S P Jain School of Global Management - Chief Information Security Officer

    S P Jain School of Global Management - Chief Information Security Officer

    S P Jain School of Global Management Pvt LtdMumbai, India
    Description : We are looking for a highly experienced Chief Information Security Officer (CISO) to lead our cybersecurity, data privacy, and IT infrastructure across our global locations.T...Show moreLast updated: 6 days ago
    • Promoted
    • New!
    Information Security Analyst II

    Information Security Analyst II

    P Square Solutions LLCThane, IN
    Neology PSquare TechSystems (part of Neology Inc www.Industry - IT Product & Services and IT Consulting.Work Location - Smart City, Kochi, Kerala. Shift timing based on projects – typically day / even...Show moreLast updated: 15 hours ago
    • Promoted
    • New!
    Cyber Security Manager

    Cyber Security Manager

    CareerUS SolutionsKalyan-Dombivli, IN
    The Cyber Security Manager is responsible for.The Cyber Security Manager also leads a team of security professionals and collaborates across departments to strengthen the company’s overall.Develop,...Show moreLast updated: 9 hours ago
    • Promoted
    Sr. Lead - Cloud Security

    Sr. Lead - Cloud Security

    Sycamore Informatics Inc.Kalyan-Dombivli, IN
    Cloud security framework; Strong scripting skills with PowerShell and.Solid understanding of version control tools, particularly Git. Experience with cloud platforms, including AWS, Azure and GCP.Pr...Show moreLast updated: 30+ days ago
    • Promoted
    Information Security Manager

    Information Security Manager

    Ajanta Pharma Ltdmumbai, maharashtra, in
    Senior Manager – Information Security.The Senior Manager – Information Security will spearhead the development and execution of a comprehensive information security strategy that supports the organ...Show moreLast updated: 1 day ago
    • Promoted
    Vice President Enterprise Security (Vulnerability Management)

    Vice President Enterprise Security (Vulnerability Management)

    M&Gmumbai, maharashtra, in
    Vice President Enterprise Security (Vulnerability Management).The purpose of this role is to lead and oversee the organisation’s Vulnerability Management program. The role is responsible for managin...Show moreLast updated: 12 days ago