Regional Chief Information Security Officer (CISO)Confidential • Mumbai, India
Regional Chief Information Security Officer (CISO)
Confidential • Mumbai, India
30+ days ago
Job descriptionEnsure compliance with applicable RBI expectations for payment system operators and PA / PG entities, including data localisation, digital payment security, outsourcing, incident reporting, and system audit requirements. Maintain an annual regulatory calendar; deliver all required filings, attestations, and audit artefacts on time. Serve as the primary security point of contact for regulatory queries, inspections and supervisory engagements. Partner with local Compliance to interpret new circulars and embed them into controls; collaborate with Group GRC to track compliance status and manage policy exceptions and dispensations. Define and maintain a 24×7 incident response capability in coordination with Group Security (people, playbooks, tooling, SLAs). Coordinate triage, contain / eradicate / recover, customer / merchant communications, RCA, corrective actions, and formal notifications to authorities when required. Track MTTD / MTTR / MTTRc and other resilience metrics, drive lessons-learned and continuous improvement across teams. Integrate crisis management and business continuity with Group reliance function; conduct appropriate tabletop exercises Act as the cybersecurity point of contract to lead communication with internal and external auditors. Plan and deliver the annual system audit and independent assessments, track issues to sustainable closure with control owners. Maintain audit-ready evidence repositories; partner with Group to run an audit readiness and inspection preparation program. Define and enhance Cybersecurity dashboard and management reporting Lead the India Cybersecurity & IT Steering Committee, ensuring prioritised remediation, funding, and accountable ownership. Collaborate with Group Security on a multi-year capability roadmap and measure maturity against a recognised model. Support the India resilience programme with Operational Resilience and Group Security Publish a security capability maturity plan for India, report progress to the Steering Committee and India Board. 100% on-time RBI / NPCI filings, attestations, and responses. Annual System Audit completed with 0 repeat findings; ≥95% of issues closed by agreed due dates (no > Policy alignment : India ISMS fully aligned to Group standards; 0 unmanaged policy exceptions (all have owners / expiries). Inspection outcomes : No supervisory penalties or adverse observations; all regulatory queries answered within 5 business days (or per notice). Change readiness : New circulars assessed and embedded with evidence within 60 days (risk-based). RTO / RPO met in ≥99% of BCP / DR tests for critical payment flows. 2 executive tabletop exercises / year (one regulator-style, one customer-impact scenario). 100% of critical vendors reviewed annually, medium risk on cycle. Contracts : Security clauses & right-to-audit in 100% of critical vendor contracts; exit / contingency plans documented. Issues : ≥90% vendor findings closed by due date; RBI outsourcing register current. Quarterly Board / Risk Committee packs delivered on schedule; top risks with trendlines and treatment plans. Risk posture : Reduction in Top-5 India risks severity or likelihood within 12 months; exception backlog reduced by ≥50% and all exceptions have time-bound dispensations. 12+ years in cyber security with 5+ years leading security for regulated financial services or payments in India. Comfortable engaging with boards, senior regulators, banks, and large enterprise merchants. Deep understanding of Indian payments ecosystems (e.g., UPI, cards, wallets) and the operating realities of PA / PGs. Proven track record engaging Boards, regulators, banks / card networks, and large enterprise merchants. Practical knowledge of RBI expectations for payment system operations and PA / PG entities Familiar with India data-localisation norms, outsourcing oversight, digital payment security controls, tokenisation, and system audit expectations. Experience preparing for and responding to regulatory inspections and audit queries; comfortable coordinating with CERT-In empanelled auditors. Excellent written and verbal communication; able to simplify complex risk. Willingness to travel for regulator and audit engagements (Mumbai) Clean regulatory record and high integrity. Clear, concise Board-level reporting and metrics; drives multi-year maturity roadmaps. Strong collaboration with Group Security, Group GRC, local Compliance, Operational Resilience, and Internal Audit Experience with UPI, card acquiring, wallets, or direct bank integrations. Exposure to SOC 2 / ISO attestations and customer security due-diligence cycles. Familiarity with fraud risk, behavioural analytics, and payments risk engines Bachelors in computer science / IT, Engineering or related field Relevant certifications : CISSP, CISM, CRISC, ISO / IEC 27001 / ISO 31000 risk management certification Lead Implementer / Lead Auditor, CCSP; plus role-relevant SANS GIAC (e.g., GCIH / GCIA / GMON). Cloud security certifications (e.g., AWS / Azure Security Specialty) and familiarity with PCI DSS (ISA / QSA exposure helpful). Equivalent risk credentials also welcome : IRM International Diploma / Certificate in Risk Management, ISACA, PMI-RMP
Boku Inc. (BOKU.L) is the leading global provider of local mobile-first payments solutions. Global brands including Amazon, DAZN, Meta, Google, Microsoft, Netflix, Sony, Spotify, and Tencent rely on Boku to reach millions of new paying consumers who do not use credit cards with our purpose-built payment network of more than 300 local payment methods across 70+ countries. Every year, Boku processes over $10 billion in value for our customers. Incorporated in 2008, Boku is headquartered in London and San Francisco and has employees in over 39 countries around the world, including Brazil, China, Estonia, Germany, Ireland, Japan, Singapore, and the UAE. Boku is a truly global company that takes pride in its diversity and thriving equal opportunity workplace.
Role Title : Regional Chief Information Security Officer (CISO)
Department : Security (India)
Reports to : MD, VP - Security and IT
Location : Mumbai (Hybrid)
Role Purpose
Lead and mature the India cybersecurity program for our alternative payment's platform—protecting customer data and transaction integrity, reducing operational and regulatory risk, and enabling compliant growth. The Regional CISO (India) partners closely with Group Security, Group GRC, local Compliance, and Operational Resilience (OpRes) to align policies and controls, uplift the India resilience programme, and drive the ongoing maturity of security capabilities
Key Responsibilities
Governance, Risk & Compliance (India)
- Establish and maintain a Board-approved information & cyber security policy and India risk appetite.
- Chair security governance forums; brief the India Board / Risk Committee quarterly on posture, incidents, and remediation status.
- Run security awareness programs, secure-by-design training for engineering, and executive tabletop exercises.
- Work in lockstep with Group Security and GRC to align policies, standards, control objectives, and risk taxonomies; coordinate with local Compliance to ensure country-specific obligations are embedded in the ISMS.
Regulatory compliance (India)
Incident response & reporting (India)
Audit, assurance & continuous improvement
Operational Resilience & Capability Maturity (India)
Measures of Success
Audit & Regulatory Compliance
90-day aged items).
Regulatory Engagement & Inspections
Operational Resilience & BCP / DR
Third-Party & Outsourcing Risk
Governance & Reporting
Key Skills And Competencies
Nice to Have
Qualifications
Skills Required
Cloud Security, Cybersecurity, Regulatory Compliance, Incident Response, Cissp, System Audit, Risk Management, crisc , Cism
Create a job alert for this search
Chief Information Security Officer • Mumbai, India
Related jobs
)
Lead Security Engineer
NTT Global Networks • Mumbai Metropolitan Region, India
Lead Engineer – Security Operations.Strong technical and subject matter expertise in at least four or more of the following security specialties : .
Firewall : Cisco, Palo Alto, Checkpoint, Fortinet, Z...Show more
Last updated: 30+ days ago • Promoted
Senior Manager - Cybersecurity & Infrastructure
Comaea Consulting • Mumbai, Maharashtra, India
Our client is a leading MNC in the maritime industry seeking a Senior Cybersecurity & Infrastructure Manager to strengthen and secure its global digital infrastructure across offices and fleet oper...Show more
Last updated: 30+ days ago • Promoted
SOC Manager
Network Intelligence • Mumbai, Maharashtra, India
The SOC Manager will lead and mature the Security Operations Center (SOC), overseeing threat monitoring, detection, incident response, and overall security operations.
This role requires strong lead...Show more
Last updated: 21 days ago • Promoted
Senior Application Security Manager
ARCON • Mumbai, Maharashtra, India
We are seeking a highly experienced and strategic-minded Senior Manager of Application Security to lead our security initiatives.
The ideal candidate will be a seasoned leader with a deep understand...Show more
Last updated: 30+ days ago • Promoted
Chief Information Security Officer
Career Stone Consultant • Mumbai, Maharashtra, India
The job purpose is to lead and implement comprehensive cybersecurity and information security.Responsible for data privacy protection, infrastructure security, vendor management, and fostering a.Se...Show more
Last updated: 23 days ago • Promoted
Senior IT Cloud Security Engineer
1551 Technology Solutions LLC • Mumbai, IN
To design, implement, and manage the organization’s end-to-end security posture across AWS and Azure cloud environments, endpoints, data, communications, and systems.
The role ensures Zero Trust pri...Show more
Last updated: 7 hours ago • Promoted • New!
Security Lead
Emeritus • Mumbai, Maharashtra, India
Daskalos is seeking a Security Lead to drive hands-on security across applications, cloud infrastructure and operations.This is a remote role for someone with 8-10 years of practical experience in ...Show more
Last updated: 9 days ago • Promoted
Vice President-Operational Risk
Mashreq • Mumbai, IN
The incumbent will provide strategic leadership and oversight for the implementation and enhancement of the bank’s operational risk and resilience framework.
This role is critical in ensuring the or...Show more
Last updated: 1 day ago • Promoted
Information Security Manager - US
Scrut Automation • Mumbai, IN
Job Description : Information Security Manager - US.Position : Information Security Manager - US.Shift Timing : 6 : 00 PM - 3 : 00 AM IST.
Scrut Automation is an information security and compliance monit...Show more
Last updated: 4 days ago • Promoted
Senior Manager – IT Risk, Audit & Compliance (ITGC / SOX / ERP Controls)
RGP • Mumbai, IN
RGP is seeking a highly experienced.Senior IT Risk & Assurance Consultant.SOX 404 / ICOFR Assessments, IT General Controls, ERP Security & Controls, Cybersecurity, Data Privacy, and Risk Advisory s...Show more
Last updated: 1 day ago • Promoted
Information Technology Risk Manager
National Payments Corporation Of India (NPCI) • Mumbai, Maharashtra, India
We are looking for Operational IT Risk professional who have good experience into IT Risk.Mode of Operation : work from office.
Education : Engineering Background (BE / BTech into computer or equivalent...Show more
Last updated: 15 days ago • Promoted
Director of Cyber Security
Wenger & Watson • Mumbai, Maharashtra, India
Director – Cyber Security (BFSI).Our client is seeking an experienced.BFSI cyber portfolio across the Indian domestic market.
This client-facing role demands strong cyber advisory expertise, deep un...Show more
Last updated: 30+ days ago • Promoted
Director of Product Security
WhiteSlips Job Management Consultants • Mumbai, IN
Advance and execute a software supply chain security development strategy to include Identify security risk and vulnerabilities across client's supply chain partners as well and track implementatio...Show more
Last updated: 9 days ago • Promoted
Security Operation Delivery Manager
Capgemini • Mumbai, IN
The Security Operation Delivery Manager is responsible for overseeing cybersecurity operations delivery, ensuring service excellence, and driving performance through data insights and stakeholder e...Show more
Last updated: 7 hours ago • Promoted • New!
Senior Information Technology Security Consultant
InfoBeans • Mumbai, Maharashtra, India
Senior Information Security Architect.Information Security Architect – Intermediate Level.I have copied both the JD's please check before applying.
We are seeking a Senior Information Security Archi...Show more
Last updated: 7 days ago • Promoted
Security Lead
BDx Data Centers • Navi Mumbai, Maharashtra, India
Provide timely and effective security incident response within a 24x7 SOC environment.Lead operation teams to effectively maintain the lifecycle of both on-premises and cloud-based security solutio...Show more
Last updated: 30+ days ago • Promoted
Head of Cyber Security
Aditya Birla Management Corporation Pvt Ltd • Mumbai, Maharashtra, India
The Head of Cyber Defence & Command Center (CDCC) will lead Aditya Birla Group’s state-of-the-art cyber defense operations, safeguarding 140+ locations, 40,000+ endpoints, and 4,000+ crown jewels a...Show more
Last updated: 9 hours ago • Promoted • New!
Vice President Digital Risk Policy
SMFG India Credit • Mumbai, Maharashtra, India
The incumbent would be responsible for Risk Policy & Risk management for multiple partnerships / own sourcing products under Digital lending vertical of the company.
Design, develop, and implement rob...Show more
Last updated: 1 day ago • Promoted