Chief Information Security Officer

Role Overview

The Chief Information Security Officer (CISO) will be responsible for defining and executing the enterprise-wide information security strategy for a mid-sized NBFC, ensuring regulatory compliance, cyber resilience, and alignment with business growth objectives.

Reporting & Structure

• Reports to: CRO / MD
• Leads: Information Security, SOC, Risk & Compliance teams

Key Responsibilities

1. Security Strategy & Governance

• Define and independently lead enterprise information security strategy
• Align with RBI, CERT-In, ISO 27001, DPDP Act, IT Act
• Translate security into business risk frameworks

2. Regulatory & Board Engagement

• Interface with:
• Board & Risk Committee
• RBI / CERT-In
• Lead audits, regulatory reviews, and compliance programs

3. Security Infrastructure & Transformation

• Build/scale end-to-end security architecture
• Set up or enhance SOC (SIEM, XDR, MSSPs, dashboards)
• Drive cloud, network, endpoint, and data security

4. Risk & Incident Management

• Establish enterprise-wide cyber risk framework
• Lead incident response, BCP, and resilience planning

5. Security Operations

• Oversee:
• Firewalls, patching, monitoring
• Threat detection and response
• Manage vendor ecosystem (MSSPs, OEMs)

6. Culture & Awareness

• Build a security-first culture
• Drive enterprise-wide awareness and training

7. Leadership & Stakeholder Management

• Lead high-performing IS teams
• Align security with business growth & AUM expansion

Candidate Profile

• BE/MCA
• 1222 years total experience
• 810+ years in IT/Information Security
• 810+ years in Banking/NBFC (Indian ecosystem)
• 35+ years as CISO / D-CISO / Security Head
• Experience in 3002000+ Cr AUM environment
• Certifications: CISM / CISSP / ISO 27001 / CISA
• Location: Mumbai / Pune preferred