Chief Information Security Officer

As the Chief Information Security Officer (CISO) at Ring, you will be responsible for overseeing and implementing comprehensive security strategies to safeguard our organization's information assets and ensure compliance with industry regulations. You will play a critical role in maintaining the confidentiality, integrity, and availability of our data, systems, and infrastructure—both on-premises and in the cloud (particularly AWS)—thereby fostering trust with our customers and stakeholders.

**What You'll Do**:
**Strategic Leadership**
- Develop and execute a strategic cybersecurity roadmap aligned with business objectives, cloud strategy (including AWS), and industry best practices.
- Provide expert guidance on security matters to executive management and the board of directors.
- Monitor emerging threats, cybersecurity trends, and AWS-specific threat landscapes, integrating them into security strategies.

**Risk Management**
- Identify, assess, and prioritize cybersecurity risks across cloud and on-prem environments.
- Implement robust risk mitigation controls, particularly in AWS infrastructure using native AWS security tools and frameworks.
- Conduct regular security assessments, cloud configuration reviews, and penetration testing to ensure robust defenses.

**Compliance and Regulatory Governance**
- Ensure compliance with data protection laws, regulations, and standards (e.g., GDPR, PCI DSS, ISO 27001, AWS Well-Architected Framework - Security Pillar).
- Maintain documentation and security policies that align with AWS shared responsibility model and compliance programs.
- Partner with legal and compliance teams to address evolving privacy and regulatory concerns.
- Governance & Compliance: Develop and maintain information security policies and drive compliance with ISO 27001, SOC 2, and RBI guidelines. Act as the primary contact for audits and inspections.
- Risk Management: Conduct risk assessments, manage risk registers, and oversee third-party/vendor security reviews.
- Security Operations: Oversee tools and processes for SIEM, DLP, EDR, patch management, and incident response. Lead security incident simulations and resolution.
- Cloud & App Security: Manage AWS security architecture, implement CSPM programs, and embed secure coding and DevSecOps practices across CI/CD pipelines.
- Business Continuity & DR: Maintain and test disaster recovery and continuity plans (RTO: 60 mins; near-zero RPO).
- Awareness & Culture: Run regular security training, phishing drills, and promote a security-aware culture across the organization.
- Reporting & Strategy: Present security metrics, dashboards, and risk reports to leadership and participate in strategic IT governance forums.

**Security Operations**
- Oversee daily security operations, including monitoring of AWS CloudTrail, GuardDuty, and other security tools.
- Establish and manage incident response protocols across cloud and on-prem systems.
- Lead incident investigation and root cause analysis using AWS native tools when applicable.
- Promote organization-wide security awareness and cloud security training initiatives.

**Vendor Risk Management**
- Evaluate and monitor third-party vendors’ security posture, especially those integrated into AWS-hosted services.
- Implement risk management protocols for vendors and ensure SLAs include AWS security considerations.

**What We’re Looking For**:

- Bachelor’s degree in Computer Science, Information Security, or a related field; Master’s degree preferred.
- Relevant certifications such as CISSP, CISM, AWS Certified Security - Specialty, or equivalent preferred.
- 10+ years of experience in cybersecurity roles, with at least 3 years in a leadership capacity.
- Proven success in developing and implementing cybersecurity strategies, particularly in cloud (AWS) and financial/FinTech environments.
- Deep understanding of security technologies including firewalls, IDS/IPS, encryption, IAM, and AWS-native security services.
- Strong communication and interpersonal skills, with the ability to influence senior stakeholders and cross-functional teams.