Location: Bangalore | CTC: 25 to 30 LPA
We are looking for a Director Information Security for our client which is a VC funded Fintech Platform
Job Profile:
Ensure effective functioning of the Information Security function – managing policies & procedures, hardening of infrastructure and SDLC processes
Develop and maintain an information security strategy and roadmap aligned with organizational goals and industry best practices. Manage the Information Security Annual Operating Plan and budget and ensure adequate resources are allocated to support the function
Drive external regulatory compliances and audits
Drive adherence to Advisories, Circulars, Cert-In compliance and audits conducted by RBI.
Develop and manage the security incident response plan and ensure it is regularly tested and updated
Conduct regular risk assessments and vulnerability assessments to identify potential security risks, and develop and execute plans to mitigate these risks.
Collaborate with other functional areas of the organization, including legal, engineering, IT and operations, to ensure that security requirements are integrated into business processes and systems
Drive support for GTM teams in sales lifecycles and craft a narrative to convert opportunities into a win
Build and own relationships with CISO teams with partner banks and NBFCs.
Serve as a subject matter expert on information security matters and provide guidance and recommendations to senior management and other stakeholders
Requirements:
5 to 8 years of infosec experience
Must have experience working in a fast-paced B2B startup environment with an engineering team that has seen scale e.g. 5x-10x growth
Prior experience in running or managing a SOC
Prior experience with global compliances across US, EU and UAE.
Preferred Certifications: CISSP / CCSP / CISM
A good working knowledge of Information Security including ISO 27001/PCI-DSS and related Information Security Management Experience / Certification in review/audit or implementation of security architectures.
Knowledge of GDPR, DPDPA, their business implications and the merits of various technical approaches.
Knowledge of Data Centre, cloud architecture (AWS preferred), endpoint management and security technologies (SIEM, DLP etc.).
Exposure to Security Governance Standards, Business Continuity Planning, Enterprise Risk Management, Information security incident Response, and security compliance audits
Strong understanding of Information Security including threats, attacks, and vulnerability management
Understanding of Zero Trust concepts and architectures
Understanding of privacy by design
Deep expertise in Microservices, CI/CD builds, DevOps, Infrastructure-as-Code, Test-Driven Development (TDD), DevSecOps, and similar solutions & methodologies
Ability to articulate complex technology & risk management concepts to senior executives clearly and accurately portraying real risks and threats to the organization
Exposure to Platform Security, Data Security, Network Security, Cloud Security, Physical Security, Security Assessment Tools including SAST, DAST, and SCA, Security Monitoring Tools, and Managed Security Services
Excellent verbal and written communication skills, including the ability to explain technical contractual aspects to associates both technical and non-technical
Ability to build, configure, test and implement Cyber Security solutions
Ability to consistently execute against tight deadlines with incomplete or ambiguous information in rapidly changing environments around data protection and privacy.
Prior experience in managing RBI and bank audits