Director - Information Security
Job type: Full Time · Department: Engineering · Work type: On-Site
Bengaluru, Karnataka, India; Mumbai, Maharashtra, India
GreyLabs AI is building the voice operating system for India’s BFSI. Our Agentic Voice AI platform helps banks, insurers, NBFCs, and fintechs automate and humanise millions of customer conversations - across sales, collections, customer service, and compliance - in multiple Indian languages.
In under two years, we’ve scaled to 50+ enterprise clients, including RBL Bank, AU Small Finance Bank, IDFC FIRST Bank, SBI Life, ICICI Prudential Life, Motilal Oswal - processing hundreds of millions of conversations. We raised ₹85 Crores in Series A funding led by Elevation Capital with Z47, and were recognised for “Best Use of AI in Fintech” at IFTA 2025.
We are seeking a seasoned Director of Information Security to own and elevate the organisation’s security posture while serving as the executive face of InfoSec to our Banking, Financial Services and Insurance (BFSI) clientele. This is a high-visibility leadership role combining hands-on technical depth, regulatory fluency (RBI, IRDAI, SEBI, PCI-DSS, ISO 27001, SOC 2, DPDP Act) and the boardroom presence to engage CISOs, CROs and audit committees of large financial institutions.
The successful candidate will be the final escalation point for all data-security decisions affecting the company and its clients - from architecting enterprise controls to defending those controls in front of regulators, auditors and BFSI buyers.
The Director of Information Security will be accountable for the following:
Define and own the enterprise information-security strategy, roadmap and annual InfoSec budget; secure board-level approval for security investments and risk acceptance.
Serve as the final authority on data-security decisions - classification, retention, encryption standards, access governance, residency and cross-border transfer.
Chair the Information Security Steering Committee; present quarterly cyber-risk dashboards to the CEO, Board Risk Committee and external auditors.
Lead crisis response for security incidents - own breach notification, regulator disclosures and client communication within mandated timelines (CERT-In 6-hour, RBI 2/4/6-hour windows, DPDP breach reporting).
Represent the organisation in client InfoSec reviews with banks, NBFCs, insurers, AMCs and capital-market intermediaries - including CISO-level meetings, RFP/security questionnaires (VAPT, BCP/DR, third-party risk) and on-site audits.
Translate the company's security posture into client-friendly artefacts: control narratives, SOC 2 / ISO 27001 evidence packs, RBI cyber-security framework mapping, IRDAI ISNP and SEBI CSCRF responses.
Act as a trusted security advisor during pre-sales: shape the security requirements of deals, negotiate DPAs and security schedules, and unblock procurement gates with BFSI infosec teams.
Build long-term CISO relationships across the BFSI ecosystem; convert audits and findings into commercial trust.
Own and continuously mature the ISMS, aligned to ISO 27001:2022, SOC 2 Type II, PCI-DSS v4.0, NIST CSF 2.0 and the RBI Cyber Security Framework for Banks/NBFCs/UCBs.
Ensure compliance with the DPDP Act 2023, GDPR (where applicable), HIPAA (if health-finance overlap), and emerging AI/ML governance norms.
Lead enterprise risk assessments, third-party/vendor risk, and operational resilience programmes (DORA-aligned where serving global BFSI clients).
Run internal and external audit cycles end-to-end; maintain a zero-major-finding audit posture.
Provide architectural direction across cloud (AWS/Azure/GCP), endpoint, network, application security (SAST/DAST/SCA), identity (IAM/PAM/Zero Trust) and data protection (DLP, encryption, tokenisation, key management/HSM).
Oversee the SOC, threat-intelligence, vulnerability management, red-team and incident-response functions; define KRIs/KPIs and SLAs.
Champion secure-by-design in product engineering - security gates in SDLC, threat modelling, secrets management and supply-chain security (SBOM, SLSA).
Build, mentor and retain a high-performing InfoSec team across GRC, SecOps, AppSec and Privacy.
Drive a security-first culture company-wide through training, phishing simulations, tabletop exercises and executive briefings.
Partner with HR, Legal, Engineering, IT and Sales to embed security into every business workflow.
Bachelor's degree in Computer Science, Information Technology, Cyber Security or related discipline; Master's / MBA preferred.
8-10+ years of progressive experience in information security, with at least 5 years in roles directly serving or working inside BFSI organisations.
Demonstrated experience leading client-facing security conversations with banks, NBFCs, insurers or capital-market firms - including audits, RFPs and steering-committee reviews.
Proven ownership of company-wide data-security decisions: classification, encryption, access, data-residency, breach response and risk acceptance.
Track record of building / scaling ISMS, achieving and maintaining ISO 27001 and SOC 2 Type II certifications.
Hands-on familiarity with RBI Cyber Security Framework, IRDAI Information & Cyber Security Guidelines, SEBI CSCRF, PCI-DSS and the DPDP Act 2023.
CISSP - Certified Information Systems Security Professional
CISM - Certified Information Security Manager
CISA - Certified Information Systems Auditor
CRISC - Certified in Risk and Information Systems Control
CCSP / cloud-specific (AWS / Azure / GCP security)
ISO 27001 Lead Auditor / Lead Implementer
Cloud security architecture across AWS, Azure and GCP; container and Kubernetes security.
Identity & access management, privileged access management, Zero Trust Network Access.
Data protection: DLP, encryption-at-rest and in-transit, tokenisation, HSM / KMS, data discovery and classification.
Application security: secure SDLC, threat modelling, SAST / DAST / SCA, API security, secrets management.
SOC operations, SIEM/SOAR/XDR, threat intelligence, digital forensics and incident response.
Third-party / supply-chain risk, BCP-DR, operational resilience and crisis management.
Executive presence - ability to hold the room with BFSI CISOs, CROs, audit committees and regulators.
Commercial acumen - understands that security is a revenue enabler in BFSI deals, not just a cost centre.
Decisive under pressure - comfortable making and defending data-security calls during incidents and audits.
Communication - translates technical risk into business language for board, clients and engineers alike.
Integrity & discretion - trusted with the company's and clients' most sensitive data.
Builder's mindset - scales people, process and technology in a fast-growing environment.
Prior experience as a CISO / Deputy CISO at a bank, NBFC, insurer, fintech or BFSI-focused SaaS firm.
Exposure to RegTech, fraud-risk platforms, payments / UPI security or core-banking integrations.
Working knowledge of AI/ML security, model risk management and emerging GenAI threat landscape.
Published thought leadership - speaking at industry forums (NASSCOM-DSCI, ISACA, IDRBT, Money2020) or contributions to standards bodies.
A hard problem in a large market. Securing a real-time, multilingual Voice AI platform handling sensitive customer conversations for India’s most regulated financial institutions - under RBI and IRDAI compliance requirements - is complex both technically and from a regulatory standpoint. The security challenges here are not generic.
Real scale, real compliance requirements. Hundreds of millions of conversations across 50+ BFSI enterprises means the data governance requirements, the compliance surface area, and the client expectations are all real. There is no shortage of interesting problems to work on.
Scope to define the security direction. AI governance frameworks for regulated markets are still being written across the industry. At our current stage, the decisions you make will shape how the platform is built and what it becomes. You will not be maintaining someone else’s programme.
Strong backing, proven team. Elevation Capital and Z47 are long-term partners invested in our vision. Our founders built and exited Cogno AI - they understand what it takes to build AI companies that earn enterprise trust.