Director of Information Security

Job Location, Bangalore, India

Job Summary    

This role will work closely with the CISO to strengthen and enforce Bottomline’s information security posture in our India office.   

As Directory of Information Security, you will serve as the primary security leader embedded within our India office, acting as the bridge between the enterprise security organization and the cross functional business teams in the India office.  This role ensures security strategies, risks, and controls are aligned with business objectives, regulatory requirements, and enterprise risk appetite. The role drives risk reduction, improves security maturity, and helps business leaders make informed decisions through transparent, data driven security guidance.  The role will also be responsible to drive cybersecurity awareness across all Bottomline locations.   

The role reports to the CISO.      

Essential Functions and Responsibilities:  

• Strategic Partnership & Leadership 

• Serve as the trusted security advisor to business and technology leaders and functions in the India office.  

• Translate cybersecurity strategy into actionable business initiatives and communicate cyber risk in business relevant terms.  

• Shape and influence business roadmaps to incorporate secure by design principles.  

• Represent the CISO and enterprise security organization within the India office, ensuring two-way communication and alignment. 

• Drive reporting and awareness of key risk indicators in the local leadership session across the business and technology teams.   

• Communicate complex technical and risk topics clearly to business leaders, executives, and occasional board audiences. 

• Track control maturity and risk posture trends; identify opportunities for continuous improvement. 

Risk Management & Governance 

• Own and drive the cyber risk management lifecycle for the India office — including identification, quantification, mitigation planning, and reporting. 

• Ensure security and privacy controls align with frameworks such as NIST CSF, ISO 27001, SOC1 & 2, and regulatory requirements (PCI, GDPR, SWIFT etc.). 

• Maintain a clear understanding of business priorities, emerging risks, operational dependencies, and data flows.  

Security Operations & Incident Preparedness 

• Serve as the business unit incident lead in coordination with the SOC and IR teams. 

• Ensure the business unit is prepared for incidents through tabletop exercises, BCP/DR coordination, and response playbooks. 

• Support root cause analysis and drive remediation efforts after incidents or audits. 

India site leader for broader CAO organization

• Help define and influence the India site strategy for CAO organization while working with head of CAO and other senior CAO leadership
• Responsible for leadership mentoring, employee engagement, consistent local/global communication
• Actively collaborates with India site leader and other functional site leaders to drive the site advancement initiatives
• Supporting talent acquisition strategies and attracting and retaining the best minds for Bottomline future
• Delivering clear, consistent messaging and fostering transparency across teams within CAO 

People Leadership & Cross Functional Influence 

• Provide leadership guidance and mentorship to the security teams based out of the India office.  

• Build a strong culture of shared security ownership across business units. 

• Drive education, awareness, and change management initiatives. 

Required Experience & Qualifications 

• 15+ years of experience in Cybersecurity  

• 7 + years of experience in leadership  

• Bachelor’s degree 

• In depth knowledge across all core domains – Security Architecture, Application Security, Vulnerability Management, Data Protection, Network Security and Endpoint Security  

• Strong knowledge of regulatory and industry frameworks – SWIFT, PCI, GLBA, FFIEC 

Preferred Experience & Qualifications 

• Cyber certifications (e.g., CISM, CISSP) or equivalent 

Note: This job description is not intended to be an exhaustive list of all duties, responsibilities, or qualifications associated with the position.