Head Information & Cyber Security, ME & KSA

About Us: Paytm is India's leading financial services platform offering full‑stack payments, financial and commerce solutions to over 300 million users and 20 million merchants. As we embark on our next phase of global growth we are expanding our presence into the Kingdom of Saudi Arabia (KSA) and broader Middle East (ME) markets with a sharp focus on digital payments, fintech solutions and merchant services.

About the Role: We are seeking an accomplished Cyber Security & Information leader to define and execute the regional security strategy for Paytm across Dubai & KSA markets. You will own the end‑to‑end security leadership: strategy & governance, risk & compliance, product and application security, data protection, threat management, cloud/platform security, third‑party assurance and business resilience. The ideal leader blends deep technical expertise with strong regulatory fluency in the GCC and has scaled security programs for high‑growth regulated fintechs/payments.

• Risk & Compliance: Own the Information Security Management System (ISMS) anchored on ISO/IEC 27001, NIST CSF and PCI DSS for payments. Ensure adherence to relevant regional frameworks including UAE Central Bank ISR/standards (for regulated entities), UAE PDPL, DIFC & ADGM data protection laws, Dubai DESC policies; national cyber: SAMA Cybersecurity Framework (as applicable), NCA, ECC/CCC, PDPL and guidance from CST (formerly CITC). Lead audits, certifications, attestations (e.g. PCI DSS, ISO 27001, SOC 2) and regulator/partner assessments; close findings with measurable risk reduction.
• Security Operations & Incident Response: Build and lead 24×7 detection & response (SOC) capabilities integrating threat intel, EDR/XDR, SIEM, SOAR and deception/honeypots. Establish incident management playbooks (IR, breach notification, forensics, eDiscovery) with clear RACI and crisis communications. Conduct red/blue/purple teaming tabletop exercises and continuous attack surface management across cloud and edge.
• Product, Application & Payments Security: Embed secure SDLC (S‑SDLC), architecture reviews, threat modeling, SAST/DAST/IAST, dependency & SCA, secrets hygiene and runtime protection (RASP). Lead payment security (tokenization, cryptography/HSM key management, 3D Secure, antifraud signal integration) with strong mobile & API security.
• Data Protection & Privacy: Implement data classification, DLP, encryption (at rest/in transit/in use), data minimization and privacy‑by‑design. Partner with Legal/Privacy on UAE PDPL, DIFC/ADGM DP and KSA PDPL obligations (lawful bases, cross‑border transfers, DPIAs, data subject rights, breach notification).
• Cloud Platform & Infrastructure Security: Govern multimodal cloud security (AWS/Azure/GCP), container/K8s hardening, identity & access (IAM, PAM, CIEM), network microsegmentation, secrets/PKI and zero‑trust architectures. Drive resilience: BCP/DR, RTO/RPO objectives, chaos testing, capacity & performance security.
• Third‑Party & Supply‑Chain Risk: Establish a robust vendor security assurance program (pre‑contract due diligence, ongoing monitoring, SBOM/SCRM, fourth‑party visibility). Ensure secure fintech/payments integrations with banks, card schemes, gateways and partners in UAE & KSA.
• Culture, Talent & Budget: Build and mentor a high‑performing diverse security team; define clear career frameworks and succession. Own security budgeting, ROI metrics and investment prioritization; champion a security‑first culture through training and executive engagement.
• Stakeholder & External Engagement: Serve as the senior security liaison for regulators, central banks, partners and auditors in the UAE and KSA. Represent Paytm at regional forums; contribute to policy consultations and industry working groups.

• 15 to 20 years of progressive security leadership with 5 years leading security for fintech/payments, digital banks or large‑scale consumer tech.
• Demonstrated success building and operating security programs across UAE and KSA (or broader GCC) with regulatory exposure.
• Strong command of PCI DSS, ISO 27001, NIST CSF, cloud security (CIS benchmarks) and privacy regimes (UAE & KSA PDPLs).
• Hands‑on depth across SOC/IR, cloud & application security, cryptography/HSM key management, IAM/PAM and third‑party risk.
• Executive communication and Board reporting; able to translate complex risks into business terms.
• Bachelor's degree in Computer Science/Engineering or related; advanced degree is a plus.

Be part of Paytm’s global expansion journey at a leadership level. Drive impact in high‑opportunity markets shaping the future of payments in the Middle East. Work with India’s most innovative fintech brand with strong backing, tech capability and ambition to scale globally.