Chief Information Security Officer

This role involves providing executive-level support for various information security programs and initiatives, as well as managing the day-to-day operations of an Information Security team based in Gurgaon, India.

The successful candidate will be responsible for supporting regional teams to execute a variety of information security programs and processes, delivering solutions for technology risk management, data and infrastructure protection, customer security assurance, and compliance of SaaS product platforms and company computing resources.

• Support Global Strategic Leadership:
  • Collaborate with Global Information Security leadership and functional peers to maintain and implement a comprehensive information security strategy aligned with business objectives and global SaaS product and corporate computing operations.
  • Collaborate with regional executive leadership to ensure adequate resourcing and support for Information Security team operations and initiatives.
  • Provide executive-level support for regional security risk assessment and treatment activities, as well as security operations with an emphasis on collaborating with regional executive leadership and other stakeholders to develop, promote, implement, and monitor security practices.
  • Support global security governance and reporting activities, including regular updates to regional senior management on the state of information security practices most relevant to this position.
• Team Management and Oversight:
  • Lead and mentor the Information Security team with an emphasis on coaching and developing teams, managers, and key individual contributors.
  • Maintain alignment and operational consistency between the Global Information Security team and the Information Security team on information security policies, processes, and practices.
  • Foster a culture of continuous improvement, innovation, and learning across Information Security teams.
  • Ensure effective coordination and communication between Information Security teams, as well as between these teams and regional stakeholders and teams to maintain productive, positive working relationships and deliver a cohesive security posture.
• Application & Cloud Security:
  • Provide oversight and executive-level support for adoption of security best practices in software development and cloud security, including secure architecture design, software and infrastructure threat modeling, vulnerability management and remediation, and full-stack security hardening.
• Security Operations:
  • Provide technical oversight and executive-level support for the design, implementation, and maintenance of security controls for SaaS product platforms and corporate computing resources.
  • Provide technical oversight and support for effective 24/7 security monitoring, incident response, threat hunting, and threat intelligence capabilities.
• Compliance and Risk Management:
  • Provide oversight and executive-level support for activities to achieve and maintain compliance with industry standards and regulations relevant to SaaS product operations, such as ISO 27001, ISO 27701, SOC 2, PCI, GDPR, CCPA, and others.
  • Provide oversight and support for third-party vendor risk assessment and risk treatment activities.
  • Oversee and contribute to the development and maintenance of information security policies, standards, procedures, and guidelines, as required.
• Security Assurance:
  • Provide oversight and executive-level support for customer assurance support activities related to security and geared to establishing and maintaining customer trust in security posture and practices.
• Stakeholder Management:
  • Serve as a key executive representative and liaison between the Global Information Security team and Information Security teams, as well as between other departments and divisions.
  • Collaborate with Sales, Legal, and Product teams to address customer security concerns and requirements.
• Innovation and Continuous Improvement:
  • Stay abreast of emerging security threats, technologies, compliance frameworks, and best practices, particularly those relevant to the global SaaS industry.
  • Foster and promote development of innovative security processes and solutions to enhance security and compliance posture.
  • Continuously assess and improve the effectiveness of Information Security teams and respective security programs, initiatives, and day-to-day activities.
  Qualifications and Skills

Education:

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or related field; Master's degree preferred.
• Relevant industry certifications such as CISSP, CISM, CRISC, or CCSP.

Experience:

• 15+ years of experience in information security, with at least 8 years in an information security leadership role and experience in various information security domains including, but not limited to, cloud and infrastructure security, data protection, security risk and compliance, application security, vulnerability management, and security incident response.
• Strong technical knowledge of cybersecurity principles, technologies, and best practices.
• Solid understanding of security risk management methodologies and compliance frameworks, including familiarity with relevant global data privacy and protection laws and regulations relevant to SaaS platforms and operations.
• Proven track record in managing information security for a global SaaS company.
• Technical Skills:
• Deep understanding of cloud security architectures and best practices, particularly related to the AWS platform.
• Proficiency with DevSecOps principles and practices.
• Proficiency with endpoint detection and response tools, security information and event management (SIEM) systems, vulnerability management and data loss prevention platforms, and security operations center (SOC) management.
• Knowledgeable of a variety of IT asset, risk, and vulnerability management technologies to support risk assessment, treatment planning, and reporting, configuration management and hardening, vulnerability assessment/scanning, and risk and/or vulnerability remediation activities.
• Knowledgeable of application security methodologies and secure software development practices.
• Knowledgeable of security threat intelligence, threat monitoring, incident response, and threat hunting practices and techniques.

Soft Skills:

• Exceptional leadership and team management abilities.
• Strong leadership, executive presence, and persuasive communications skills; ability to effectively articulate complex cybersecurity concepts to both technical and non-technical audiences to build consensus and achieve cross-functional alignment on security priorities.
• Excellent stakeholder management and negotiation skills; demonstrated ability to influence and drive positive change across an organization at all levels.
• Strong business acumen with the ability to align security initiatives with business objectives.
• Adaptability and resilience in a fast-paced, dynamic environment.