Head of Information Security

airtel

All India, Gurugram | 7 to 11 Yrs | 1 month ago

Job Description

Role Overview:

We are a digital-first NBFC being built from the ground up and are looking for a hands-on Information Security Leader to establish and manage the company's cybersecurity, data protection, and IT governance framework. The role requires you to design, implement, and continuously enhance the organization's security posture across infrastructure, applications, cloud, data, and third-party ecosystems in accordance with RBI guidelines and industry best practices. It is an execution-oriented role suited to a high-potential professional who can build security architecture from scratch in a fast-paced environment.

Key Responsibilities:

  • Establish and implement the Information Security Policy framework aligning with RBI IT Governance Directions.
  • Develop and maintain policies covering areas such as access control, data protection & encryption, incident response, vulnerability management, and third-party security.
  • Implement a structured risk assessment and control testing framework.
  • Design a secure architecture for cloud environments (AWS/Azure/GCP) and implement IAM controls, network segmentation, encryption (at rest & in transit), and secure DevOps practices.
  • Work closely with Product and Engineering teams to integrate security-by-design, conduct code reviews and vulnerability scans, perform VAPT (Vulnerability Assessment & Penetration Testing), and ensure secure API architecture and integration practices.
  • Ensure adherence to RBI IT Governance Guidelines, data localization requirements, KYC/AML data protection norms, support RBI inspections, and provide required documentation.
  • Establish Security Operations monitoring (SIEM or managed SOC), develop incident response playbooks, lead response to cybersecurity incidents or breaches, and conduct periodic tabletop exercises.
  • Conduct security due diligence for LOS/LMS vendors, cloud providers, collection partners, and outsourced service providers, and implement periodic third-party risk assessments.
  • Drive organization-wide security awareness training, ensure access controls and user privileges follow least-privilege principles, and promote a culture of cyber hygiene across teams.

Qualifications Required:

  • Experience of 7-10 years in cybersecurity/information security, preferably in fintech, NBFC, bank, or regulated technology environment.
  • Hands-on exposure to cloud security, application security, SOC implementation, vulnerability management, and working with auditors and regulatory bodies.
  • Strong understanding of ISO 27001, NIST framework, RBI IT governance framework, knowledge of cloud-native security tools, ability to work cross-functionally, high ownership mindset, and execution orientation.
  • Education: Bachelor's degree in Engineering/Computer Science. Preferred certifications include CISSP/CISM/CEH/ISO 27001 Lead Implementer.

Posted on: April 5, 2026