Head – Information Security & Compliance Full Time

Role Overview

We are seeking a high-calibre professional with an ownership mindset to lead our Cybersecurity functions. This is a critical role within a regulated Financial Services environment, responsible for ensuring the availability, scalability, and security of our hybrid infrastructure. The successful candidate will bridge the gap between core systems administration and stringent regulatory compliance (SEBI CSCRF).

Core Responsibilities

1. SEBI Compliance & Governance (Primary Focus)

• CSCRF Ownership: Act as the primary custodian for the SEBI Cybersecurity & Cyber Resilience Framework (CSCRF).
• Audit Management: Lead the annual Self-Assessment and external audits.
• Committee Leadership: Set the agenda and present risk reports for the Quarterly IT Committee meetings.
• Policy Lifecycle: Maintain and update the Cyber Resilience, Risk Management, and COOP/Contingency plans.

2. Security Operations Oversight

• Managed Services Oversight: Manage the relationship with the third-party security company. Review the Functional Efficacy of the SOC half-yearly.
• Threat & Vulnerability Management: Coordinate all VAPT and Red Teaming exercises. Ensure all “High” and “Critical” vulnerabilities are patched by the IT team within SEBI-mandated timelines.
• Identity & Access Management (IAM): Conduct quarterly audits of Privileged User activities, delegated access, and unused tokens.

3. Infrastructure & Application Security

• Colo & Cloud Security: Oversee security configurations for the Cloud and the Trading Servers to ensure security.
• Endpoint Security: Manage security baselines for Mobile/Laptops/Desktops, ensuring EDR/Antivirus health.
• In-house App Security: Work with the dev team to ensure the internal applications follow secure coding practices and undergo regular security testing.

4. Incident Response & Resilience

• Drill Coordination: Design and execute Scenario-based Cyber Drills to test the firm’s ability to recover from ransomware or trading outages.
• Threat Hunting: Analyze quarterly Threat Hunting reports to identify patterns specific to the financial sector.
• ISO 27001: Lead the project to achieve the ISO 27001 latest version certification.

Candidate Requirements

• Experience: 8–12 years in IT Security, ideally within an AMC, AIF, or Broking firm governed by SEBI.
• Technical Knowledge: Familiarity with Hyper-V/VMware, M365/Salesforce security, and firewall management (Fortinet/CheckPoint).
• Certifications (Mandatory/Preferred): CISA (Certified Information Systems Auditor) or CISM (Certified Information Security Manager).
• Knowledge of ISO 27001 Lead Auditor standards.
• Soft Skills: Ability to translate complex technical risks into business language for the Board and IT Committee.