Chief Information Security Officer

This role involves overseeing and implementing comprehensive cybersecurity strategies to safeguard sensitive data, ensure compliance with regulatory frameworks, and strengthen the security posture of our healthcare insurance ecosystem.

• Develop and implement a cybersecurity strategy that aligns with business objectives.
• Monitor and respond to cyber threats and incidents using Security Information and Event Management (SIEM) and Security Operations Center (SOC) processes.
• Conduct vulnerability assessments, penetration testing (VAPT), red teaming, blue teaming, and purple teaming exercises.
• Perform digital forensics, root cause analysis, and incident response lifecycle management.
• Define and enforce policies for data privacy, identity and access management (IAM/PAM), and data loss prevention (DLP).
• Secure infrastructure across network, endpoint, application, database, and cloud environments.
• Implement security controls for cloud services (AWS, Azure, Google Cloud Platform) and containers (Docker, Kubernetes).
• Manage and tune security tools such as firewalls, web application firewalls (WAF), intrusion detection and prevention systems (IDS/IPS), endpoint detection and response (EDR), SIEM, security orchestration automation and response (SOAR), cloud access security brokers (CASB), and distributed denial-of-service (DDoS) protection.
• Work with DevOps teams to embed security in continuous integration and continuous deployment pipelines (DevSecOps practices).
• Ensure compliance with relevant regulatory frameworks including the Indian government's IRDAI regulations, the Reserve Bank of India's (RBI) guidelines, the General Data Protection Regulation (GDPR), the Health Insurance Portability and Accountability Act (HIPAA), ISO 27001, the National Institute of Standards and Technology (NIST) framework, and the Payment Card Industry Data Security Standard (PCI-DSS).
• Conduct third-party vendor risk assessments and ensure supply chain security.
• Lead business continuity and disaster recovery from a security standpoint.
• Drive security awareness programs for employees and stakeholders.

Technical Skills:

Core Security Areas:

• Network Security: Firewalls, IDS/IPS, VPN, zero-trust networking, software-defined wide-area networking (SD-WAN), network access control (NAC).
• Endpoint Security: EDR/XDR solutions (CrowdStrike, Carbon Black, SentinelOne, Microsoft Defender).
• Application Security: OWASP Top 10, static application security testing (SAST), dynamic application security testing (DAST), runtime application self-protection (RASP), API security.
• Cloud Security: cloud security postures management (CSPM), cloud workload protection platforms (CWPP), CASB; secure configuration of AWS, Azure, GCP.
• Identity & Access Management: IAM, PAM (CyberArk, Okta, Ping, Azure AD, SailPoint).
• Data Protection: DLP solutions, encryption (AES, RSA, TLS, public key infrastructure (PKI)), key management, tokenization.
• Security Operations: SIEM (Splunk, QRadar, ArcSight, ELK), SOAR, threat hunting, SOC operations.
• Threat & Vulnerability Management: Qualys, Nessus, Rapid7, Burp Suite, Metasploit.
• Incident Response & Forensics: EnCase, FTK, Volatility, Wireshark, memory forensics.
• DevSecOps: container scanning (Aqua, Twistlock, Snyk), CI/CD pipeline security, infrastructure as code (IaC) scanning.
• Governance, Risk & Compliance (GRC): RSA Archer, ServiceNow GRC, ISO/NIST frameworks.

Advanced Areas:

• Red/Blue/Purple Teaming: adversary simulation, MITRE ATT&CK framework.
• Malware Analysis: reverse engineering, sandboxing.
• Blockchain & IoT Security: secure protocols, device hardening.
• AI/ML Security: model poisoning, adversarial attacks.
• Threat Intelligence: STIX/TAXII, MISP, integrating CTI feeds.

Required Qualifications:

• Bachelor's or Master's degree in Computer Science, Information Security, or related field.
• Certifications (one or more preferred):
• CISSP, CISM, CISA, CRISC (governance and risk).
• CEH, OSCP, OSWE, GPEN (offensive security).
• CCSP, CCSK, AZ-500, AWS Security Specialty (cloud security).
• ISO 27001 lead auditor/liaison, PCI-DSS, HIPAA, GDPR compliance certifications.

Soft Skills:

• Strong analytical, troubleshooting, and documentation skills.
• Excellent communication skills to interact with business and technical stakeholders.
• Ability to handle high-pressure security incidents and provide timely resolution.
• Leadership capability for senior roles (mentoring SOC teams, driving projects).

Benefits:

This role offers a competitive salary package, opportunities for professional growth and development, and a collaborative work environment.