Chief Information Security Officer

Job Summary

A hands-on professional responsible for overseeing and executing comprehensive security audits and compliance initiatives across applications, infrastructure, and organizational processes.

Key Responsibilities

• Conduct in-depth technical assessments required by new clients to ensure adherence to relevant standards and regulations.
• Analyse and complete detailed cloud infrastructure security and compliance questionnaires to identify potential risks and vulnerabilities.
• Collaborate with internal teams to map customer security and regulatory requirements to internal controls, ensuring seamless alignment and effective implementation.
• Maintain accurate documentation and templates for commonly requested assessment artifacts to streamline the process and enhance efficiency.
• Manage and complete security questionnaires from clients, vendors, and partners, providing timely and high-quality responses to support business objectives.
• Evaluate vendor security and compliance by reviewing their responses and supporting documentation, identifying areas for improvement and implementing necessary corrective actions.
• Identify and assess potential risks within the company's IT infrastructure, applications, and services, developing and implementing strategies to mitigate these risks and ensure the highest level of security.
• Assess potential risks posed by vendors or partners during onboarding, conducting thorough due diligence to ensure alignment with company security standards and policies.
• Ensure compliance with industry-leading security standards such as ISO 27001, GDPR, SOC 2, or any other relevant frameworks, staying up-to-date with emerging trends and best practices.
• Work closely with internal teams to maintain compliance with legal and regulatory requirements, fostering a culture of security awareness and promoting continuous improvement.
• Collaborate with the IT security, legal, and procurement teams to address concerns identified in the security assessments, driving results-oriented solutions that meet business needs.
• Coordinate with vendors to ensure their security practices meet company requirements, establishing strong relationships built on trust and mutual respect.
• Develop and maintain internal security policies and procedures related to vendor assessments and third-party risk management, providing clear guidance and direction to support informed decision-making.
• Prepare detailed reports summarizing findings from security assessments and risk analysis, presenting actionable recommendations to drive business growth and success.
• Provide expert advice and guidance on security best practices and compliance requirements, educating internal staff and external partners to enhance their understanding and skills.
• Support pre-sales and onboarding teams with timely delivery of assessment documentation, facilitating a smooth transition and ensuring seamless integration into existing processes.
• Stay current with AWS best practices, shared responsibility model, and emerging cloud security trends, applying this knowledge to drive innovation and excellence in security operations.
• Requirements
  • Bachelor's degree in computer science, information security, data science, or a related field.
  • 5+ years of experience working with audit/compliance, application security assessments, AWS cloud security preferably BFSI domain.
  • 2+ yrs. of experience on AWS cloud security and risk assessments.
  • Strong exposure to AWS cloud infrastructure (Guard Duty, security hub, inspector, Firewall, IAM, EC2, VPC, S3, Security Groups, etc.).
  • Familiarity with secure coding practices, vulnerability management, and threat modelling.
  • Experience with VRA templates, cloud security checklists, and assessment responses for enterprise or regulated clients.
  • Familiarity with information security standards such as ISO 27001, SOC 2, RBI cybersecurity framework.
  • Strong understanding of data protection, encryptions methodologies.
  • Strong written and verbal communication skills to liaise with technical and non-technical stakeholders.
  • Ability to interpret and explain security configurations and policies in layman's terms.
  • Experience with security controls, vulnerability scanning tools (e.g., Nessus, wire shark), or SIEM.
  • Exposure with security tools such as network firewall, IPS/IDS is plus.