Governance, Risk & Compliance (GRC)
- Ensure compliance with relevant regulations, standards, and frameworks (e.g., ISO 27001, NIST CSF, GDPR, PCI DSS).
- Lead risk assessments, security audits, and penetration testing programs.
- Develop incident response, disaster recovery, and business continuity plans.
- Oversee vendor risk management and third-party security due diligence.
Leadership & People Management
- Build and lead a high-performing information security team, including SOC analysts, security engineers, and risk specialists.
- Define roles, responsibilities, and career development paths within the security function.
- Foster a culture of security awareness across the organization through training and communication.
- Collaborate with IT, Legal, Compliance, and Risk teams to integrate security into all business processes.
Stakeholder & External Engagement
- Serve as the primary point of contact for regulators, auditors, and external security partners.
- Engage with business leaders to balance security requirements with operational needs.
Skills & Competencies
- Good understanding of security and privacy frameworks: NIST CSF, ISO 27001, SOC 2, PCI DSS, OWASP Top 10, etc.
- Knowledge of the fintech regulatory landscape under the RBI (Reserve Bank of India).
- Strong communication and stakeholder management skills.
- Ability to translate technical risk into business language for executives and stakeholders.