Talent.com
Chief Information Security Officer (CISO) - Indian BFSI - 15 years+

datavruti, Kalyan-Dombivli, IN
11 hours ago
Job description

Job Title : Chief Information Security Officer (CISO)

Location : Mumbai - Work From Office

Reporting To : Chief Risk Officer (with dual reporting to Board Risk / Audit Committee)

Sector : General Insurance

Experience : 15+ years in Information Security with leadership exposure in BFSI, ideally Insurance or FinTech

Salary : 50LPA+ based on fitment

Role Overview

  • The Chief Information Security Officer (CISO) will define and implement the company’s end-to-end Information Security framework, ensuring secure design, regulatory readiness, and operational resilience as the company moves from 0 to 1.
  • This is a strategic yet hands-on leadership role, ideal for someone who has managed security at scale in a regulated BFSI / Insurance environment, and now wants to build a secure-by-design foundation for a cloud-native, API-driven, AI-powered insurance platform.
  • The CISO will anticipate and pre-empt risks by leveraging prior experience, ensuring that the company’s technology-led innovation is always backed by enterprise-grade security and compliance discipline.

Key Responsibilities

1. Information Security Strategy & Governance

  • Define and implement the enterprise-wide Information Security strategy, encompassing governance, risk management, data protection, and cybersecurity.
  • Establish security policies, frameworks, and control baselines in alignment with IRDAI, CERT-In, ISO 27001, and DPDP Act.
  • Build a scalable ISMS (Information Security Management System) from the ground up.

2. Cloud, Application & API Security

  • Review and work with engineering teams to develop secure architecture design for cloud-native systems, APIs, and microservices.
  • Review implemented automated controls for containerized and serverless environments.
  • Ensure security by design is baked into engineering processes through DevSecOps practices and CI / CD pipelines.

3. Cybersecurity Operations & Threat Management

  • Set up and oversee Security Operations (SOC), including SIEM, SOAR, and vulnerability management.
  • Build detection and response capability tailored for API-driven, AI-heavy applications.
  • Lead threat intelligence, incident response, and post-incident reviews.

4. AI & Data Security

  • Develop frameworks for secure and responsible AI / ML model governance, including data lineage, model access control, and risk mitigation for bias and data leakage.
  • Protect customer and training data in compliance with DPDP and data residency norms.

5. Regulatory & Compliance Management

  • Ensure readiness for IRDAI cyber security and IT governance audits.
  • Collaborate with Compliance and Legal teams for ongoing adherence to regulatory reporting and certifications (ISO 27001, SOC 2, etc.).
  • Build documentation and audit trails for pre-emptive compliance.

6. Third-Party & Ecosystem Security

  • Design and enforce Third-Party Risk Management (TPRM) framework for partners, TPAs, technology vendors, and data processors.
  • Conduct due diligence and continuous monitoring of vendor security posture.

7. Business Continuity & Resilience

  • Establish cloud-native BCP / DR plans, aligned with IRDAI requirements.
  • Lead incident and crisis management drills to validate resilience under simulated failures.

8. Security Culture & Awareness

  • Foster a security-first culture across engineering, product, and operations teams.
  • Conduct awareness programs, red / blue team simulations, and executive security workshops.

9. Leadership & Board Engagement

  • Advise leadership and Board Risk / Audit Committee on key threats, mitigation strategies, and regulatory posture.
  • Build and mentor an internal security team capable of scaling with the business.

Desired Profile

  • 15+ years in Information Security, with at least 5 years in senior InfoSec roles at Insurance, NBFC, Bank, or FinTech.
  • Experience securing cloud-native, API-driven, or AI / ML-intensive platforms.
  • Strong grasp of IRDAI, CERT-In, DPDP Act, and global security standards.
  • Proven ability to design and operationalize security frameworks from zero, while ensuring future scalability.
  • Strong collaboration with Product, Engineering, and Risk teams.

Qualifications / Certifications

  • Bachelor’s or Master’s degree in Computer Science, Cybersecurity, or related field.
  • Preferred certifications : CISSP, CISM, CCSP, ISO 27001 LA, AWS Security Specialty, CRISC.
  • Familiarity with frameworks like NIST CSF, Zero Trust Architecture, and OWASP API Security Top 10.

Key Behavioural Attributes

  • Strategic foresight backed by operational pragmatism.
  • Startup agility with an enterprise governance mindset.
  • Strong executive presence and regulatory confidence.
  • Builder-leader who can “set up from scratch” yet think “at scale.”
  • Ethical, transparent, and decisive under pressure.