Role Summary

The Information Security Manager – Governance, Risk & Compliance (GRC) will play a pivotal role in defining, implementing, and governing Pay10’s global information security framework. This role is responsible for driving a unified, risk-based, and compliance-oriented security posture across all Pay10 entities (India, UAE, and future regions).

You will design and oversee the execution of security policies, risk management frameworks, and regulatory compliance programs in alignment with global standards such as ISO 27001, PCI DSS, SOC 2, NIST CSF, and regional mandates including RBI Cyber Security Framework (India), CBUAE/NESA (UAE), GDPR (EU), and PDPL (UAE).

This position demands a strategic thinker with a strong understanding of governance, risk, and compliance in the FinTech and payments domain, capable of bridging global regulatory expectations with secure business operations.

Key Responsibilities

Governance & Policy Management

• Establish, maintain, and enforce global information security policies, standards, and procedures across all business units.
• Align security governance with ISO 27001, NIST CSF, and local regulatory expectations (RBI, CBUAE, GDPR, PDPL).
• Develop and implement global Information Security Governance Committee structure, including periodic board-level reporting.
• Conduct regular security awareness programs and phishing simulations across all regions.
• Drive continuous improvement through policy lifecycle management, reviews, and risk-based updates.

Regulatory Compliance & Audits

• Lead and coordinate regulatory compliance programs across Pay10’s operating entities (India, UAE, and other jurisdictions).
• Ensure adherence to standards and certifications such as PCI-DSS, ISO/IEC 27001, SOC 2, NESA, and GDPR/PDPL.
• Partner with Legal, Compliance, and Finance teams to address evolving data protection, privacy, and cybersecurity requirements.
• Plan and execute internal and external audits, including those mandated by regulators, banks, and investors.
• Manage audit readiness, evidence collection, and remediation tracking globally.
• Interface with regulatory bodies and partners on cybersecurity-related assessments and reports.

Risk Management & Third-Party Security

• Own the Enterprise Information Security Risk Management Framework, ensuring consistency across business units.
• Conduct and oversee periodic risk assessments for applications, infrastructure, and business processes.
• Maintain the enterprise risk register with defined ownership, mitigation plans, and status reporting to leadership.
• Lead vendor and third-party security risk management, ensuring due diligence and ongoing assurance of critical partners.
• Coordinate Application Risk Assessments (ARA) and integrate findings into product security roadmaps.

Security Operations Alignment & Oversight

• Collaborate with the Technical Security and SOC teams to ensure alignment between governance objectives and operational practices.
• Define minimum control baselines for cloud security, endpoint protection, IAM, DLP, and SIEM systems.
• Review threat, vulnerability, and incident reports to ensure risk-based decision-making and timely remediation.
• Promote DevSecOps integration across engineering and product functions for proactive security assurance.

Incident Response & Business Continuity

• Maintain and periodically test the Incident Response Plan (IRP) and Business Continuity/Disaster Recovery (BC/DR) frameworks.
• Lead post-incident reviews, ensuring lessons learned are captured and preventive measures implemented globally.
• Support regulatory and customer communication during major incidents in coordination with Legal and Compliance.
• Ensure alignment of IR and BCP/DR controls with regional resiliency requirements (RBI, CBUAE, etc.).

Global Reporting & Stakeholder Management

• Prepare and present risk, compliance, and security posture dashboards to regional leadership and the Global CISO.
• Collaborate with senior management, engineering, and compliance leaders to embed security into business and operational planning.
• Translate technical security and regulatory risk into business-oriented insights for decision-making.

Required Qualifications

• Bachelor’s or Master’s degree in Cybersecurity, Computer Science, Information Technology, or a related discipline.
• Minimum 8–12 years of progressive experience in information security, governance, and risk management.
• Proven experience in FinTech, Payments, Banking, or other regulated financial environments.
• Strong knowledge of global data protection and cybersecurity frameworks (ISO 27001, PCI DSS, SOC 2, NIST CSF).
• Experience coordinating audits and assessments across multiple regions and regulatory jurisdictions.
• Demonstrated ability to lead global teams and cross-functional stakeholders.

Skills & Competencies

• Good understanding of security and privacy frameworks: NIST CSF, ISO 27001, SOC 2, PCI-DSS, OWASP Top 10, etc.
• Knowledge of fintech regulatory landscape under CBUAE.
• Experience in AWS security controls.
• Experience with application security in cloud-native environments.
• Familiarity with common FinTech architectures: microservices, APIs, mobile apps, open banking (e.g., PSD2).
• Strong communication and stakeholder management skills.
• Ability to translate technical risk into business language for executives and stakeholders.

Behavioral Attributes

• Strategic, analytical, and structured in approach.
• Strong sense of ownership and accountability.
• Capable of working across time zones and cultures.
• Influential communicator with a business-outcome mindset.