Chief Information Security Officer

Role Details

• Role Title: Chief Information Security Officer

Background to the role:

The Chief Information Security Officer (CISO) is responsible for developing and implementing the overall security strategy for (Company Name), an insurance player. The CISO will ensure the protection of information assets, IT infrastructure, applications, data owned / managed by the organization and compliance with industry-specific regulations. This leader will work closely with executive leadership, IT teams, operations teams, and external partners to design and enforce a robust cybersecurity posture across all aspects of the business.

Key Responsibilities

1. Strategy & Governance

2. Develop and implement the enterprise-wide information security strategy, aligning with business objectives and regulatory requirements.

3. Lead the Information Security Governance, Risk, and Compliance (GRC) program to ensure a proactive approach to cybersecurity risk management.
4. Establish and maintain a comprehensive Information Security Management System (ISMS) aligned with industry standards (e.g., ISO 27001, NIST etc.).
5. Provide regular reporting on the security status of the organization to executive leadership and the board of directors.
6. Develop and oversee cybersecurity budgets and resource allocation, ensuring optimal use of resources.

2. IT & Cloud Security

• Define and manage IT and cloud security strategies, ensuring secure deployment and management of cloud-based services.
• Implement security controls for corporate IT infrastructure, including network security, endpoint protection, identity and access management (IAM), and data loss prevention (DLP).
• Ensure effective monitoring, detection, and response to security threats and incidents within the IT and cloud environments.

3. Application Security

• Develop and oversee secure software development practices, ensuring that security is integrated into all phases of the application lifecycle.
• Implement secure coding standards, code reviews, and vulnerability scanning for internally developed and third-party applications.

• Lead efforts to mitigate application-level threats such as SQL injection, cross-site scripting (XSS), and insecure APIs to name a few.

• Supplier and Third-Party Security

• Establish and maintain a supplier security management program to assess and manage cybersecurity risks from third-party vendors.

• Work closely with procurement and supplier management teams to ensure that security standards are embedded in supplier contracts and procurement processes.

• Regularly assess suppliers and third-party service providers for adherence to cybersecurity requirements.

• Regulatory Compliance

• Ensure compliance with all relevant industry regulations and standards, including those related to insurance, data protection (IRDAI, DPDPA etc.), and cybersecurity frameworks.

• Monitor emerging regulatory requirements and adjust security strategies to ensure continuous compliance.

• Oversee audits, security assessments, and certifications to validate the companys security posture.

• Incident Response & Threat Management

• Develop and lead the organizations incident response strategy, ensuring rapid containment and remediation of security incidents.

• Oversee the Security Operations Center (SOC) and ensure 24/7 monitoring, threat detection, and incident response capabilities.

• Lead investigations into security breaches and manage communications with internal stakeholders, regulators, and law enforcement when necessary.

• Leadership and Team Management

• Build, develop, and lead a high-performing cybersecurity team, fostering a culture of security awareness across the organization.

• Provide leadership, mentoring, and development opportunities to team members, ensuring continuous professional growth.
• Collaborate across departments to promote a strong cybersecurity culture, including organizing training and awareness programs for employees.

Experience Requirements

• Minimum 15+ years of experience in information security management roles, with at least 5 years in Cyber Security leadership position.
• Proven experience in developing and implementing cybersecurity strategies
• Experience with IT security, cloud security, and application security etc.

Education Requirements

• Bachelor's or Master's degree in Information Security, Computer Science, Engineering, or a related field.
• Professional certifications such as CISSP, CISM, CISA (at least one) are highly desirable.