Technical Security Manager

Job Title -

Technical Security Manager

Location - Delhi

Role Overview

The Technical Security Manager – Information Security will play a pivotal role in safeguarding Pay10’s technology infrastructure, applications, and network ecosystem across all operations within India.

This role combines hands-on cybersecurity expertise with strong technical control implementation and compliance oversight under RBI’s IT and Cybersecurity Framework for Payment System Operators.

The incumbent will be responsible for monitoring, detection, and response to threats, defining network and infrastructure controls, and ensuring compliance with relevant standards such as RBI IT Framework, PCI DSS, ISO 27001, SOC 2, and data localization requirements.

Key Responsibilities

1. Security Operations & Monitoring

Lead Security Operations Centre (SOC) activities, ensuring proactive detection, investigation, and response to security incidents.

Monitor and correlate events using SIEM platforms (e.g., Splunk, Sentinel, QRadar).

Conduct incident triage, root cause analysis, and coordinate timely containment and recovery.

Ensure adherence to RBI’s cyber incident reporting timelines (e.g., within 2–6 hours for major incidents).

Maintain incident management workflows and escalation processes in line with RBI standards.

Collaborate with Managed Security Service Providers (MSSPs) for continuous monitoring and log management.

2. Network & Infrastructure Security

Design, configure, and manage secure network architecture including firewalls, VPNs, WAF, IDS / IPS, and segmentation.

Ensure compliance with RBI-prescribed controls on hardening, patching, and security logging for payment systems.

Perform infrastructure vulnerability assessments and oversee timely patch management.

Maintain network topology, baseline configurations, and documentation for audit readiness.

Ensure all regulated data (cardholder, transaction, and PII) is stored, processed, and maintained only in data centers located in India, in compliance with RBI data localization mandates.

3. Cloud & Application Security

Oversee implementation of cloud security controls (CSPM, CWPP, IAM policies) for Pay10’s AWS, Azure, or hybrid environments.

Partner with DevOps to embed DevSecOps practices, including automated code reviews, SAST / DAST scanning, and secure CI / CD pipelines.

Conduct application security reviews and validate controls aligned to OWASP Top 10 and PCI DSS 4.0.

Secure APIs and integrations used in payment processing and fintech applications.

Review application security configurations for compliance with RBI and PCI-DSS encryption and key management requirements.

4. Threat & Vulnerability Management

Lead the end-to-end vulnerability management program, ensuring prompt detection, prioritization, and remediation.

Conduct periodic vulnerability scans, penetration testing, and red team assessments as required by RBI.

Maintain a central vulnerability register and track closure with IT, DevOps, and business teams.

Establish patch governance framework and periodic reporting to the CISO office.

Integrate threat intelligence sources to anticipate and mitigate emerging risks.

5. Access Control & Identity Management

Define and enforce Identity and Access Management (IAM) and Privileged Access Management (PAM) policies.

Implement least-privilege principles, multi-factor authentication (MFA), and SSO across all systems.

Conduct quarterly access reviews and entitlement audits to ensure compliance with RBI’s access control guidelines.

Maintain logs and reports for all privileged account activities as part of RBI’s audit trail requirements.

6. Compliance, Audit & Risk Management

Ensure compliance with :

RBI Cyber Security Framework for Payment System Operators

RBI Master Direction on IT Governance, Risk, Controls & Assurance Practices

PCI DSS, ISO 27001, and SOC 2 frameworks

Coordinate internal and external IT and cybersecurity audits.

Prepare and submit quarterly and annual IT & Cyber Risk reports to the CISO and Compliance Committee.

Support banking partner and regulator-driven audits with evidence, control documentation, and remediation tracking.

Maintain an up-to-date Information Security Risk Register and report risk status to management.

Conduct vendor risk assessments and due diligence before onboarding third-party service providers, ensuring alignment with RBI’s Third-Party Risk Management Guidelines.

7. Incident Response & Business Continuity

Maintain the Incident Response Plan (IRP) and ensure regular testing and updates.

Conduct incident simulations and tabletop exercises for critical applications.

Lead post-incident reviews and document lessons learned and preventive measures.

Ensure Business Continuity (BCP) and Disaster Recovery (DR) drills are conducted periodically, meeting RTO / RPO objectives.

Document and maintain all DR test results for submission during RBI or partner bank audits.

8. Awareness, Documentation & Reporting

Conduct security awareness and phishing simulation programs for Pay10 employees.

Maintain detailed documentation for :

Incident response

Risk registers

Vulnerability remediation

Audit evidence and compliance matrices

Develop and present cybersecurity posture dashboards and KPI reports for the CISO and management.

Conduct secure coding workshops and sessions for development and operations teams.

Required Qualifications

Bachelor’s degree in Cybersecurity, Computer Science, or Information Technology, or equivalent hands-on experience.

6–10 years of experience in technical cybersecurity operations and risk management.

Proven experience working in FinTech, banking, or other RBI-regulated financial environments.

Strong understanding of RBI IT & Cybersecurity Framework, PCI DSS, and ISO 27001.

Experience in incident management, network security, and vulnerability management.

Preferred Certifications

CISSP, CISM, or CISA (for governance and audit readiness).

CompTIA Security+, CEH, or GSEC (for technical skills).

ISO 27001 Lead Implementer / Auditor or PCI DSS ISA (for compliance management).

AWS Certified Security – Specialty or Azure Security Engineer Associate (for cloud security controls).

Technical Skills

Expertise with SIEM, EDR, and SOAR platforms (e.g., Splunk, Sentinel, CrowdStrike, Defender).

Strong command of network and infrastructure security tools (e.g., Fortinet, Palo Alto, Check Point).

Proficiency with vulnerability management tools (e.g., Qualys, Nessus, Rapid7, Tenable).

Familiarity with container orchestration and API security (Kubernetes, Docker).

Working knowledge of infrastructure-as-code tools (Terraform, Ansible).

Soft Skills & Attributes

Strong analytical and decision-making skills under pressure.

Excellent communication and stakeholder management abilities.

Proactive and organized approach to security control execution and compliance.

Collaborative and detail-oriented, capable of working closely with IT, DevOps, and Compliance teams.