Information Security Manager

This is a full time role with our global client for their captive finance arm in Gurgaon.

Key objective-

The position will be responsible for ensuring regulatory compliance under RBI guidelines for NBFCs, managing internal policies, and driving the information security framework (data protection, IT audits, and cyber risk governance). The role ensures that wholesale lending operations remain compliant with statutory obligations and protected against information security risks, supporting business continuity and trust.

Duties and Responsibilities -

Information Security :

• Develop, implement, and monitor information security policies, standards, and procedures aligned with ISO 27001, RBI Cyber Security Framework, and IT Act.
• Conduct IT risk assessments, vendor security reviews, and penetration testing coordination with IT teams.
• Ensure data security controls for dealer financing systems, loan origination, and loan servicing platforms.
• Oversee access control, privileged account management, and incident response processes.
• Conduct periodic internal IS audits and coordinate with external auditors for compliance certifications.
• Implement Business Continuity & Disaster Recovery (BCP / DRP) protocols for critical applications.

Governance & Risk Management :

Knowledge and Skills -

Strong knowledge of NBFC regulatory framework, PMLA, KYC / AML, FEMA, Companies Act.

Education and Experience-

CA / CS / LLB / MBA Finance / PG in Risk / Compliance / B.Tech (IT) with certification in Information Security.

Certifications Preferred : CISA, CISM, ISO 27001 Lead Implementer, or equivalent.

Experience : 6+ years onwards in Compliance / Risk / Information Security, preferably in NBFCs, Banks, or Captive Finance (Automotive / Dealer Finance) setups.