Chief Information Security Officer

Job Title: Chief Information Security Officer (CISO)

Location: [Chennai, India] | Employment Type: Full-time

About the Role

We are seeking a hands-on Chief Information Security Officer (CISO) to lead our organization's security. You will be responsible for defining, implementing, and maintaining our security strategy, focusing on cloud security, application security, endpoint security, network security along with compliances relevant to the Insurance domain.

This role requires a mix of strategic leadership and technical execution ideal for a professional who is both a security strategist and practitioner.

Key Responsibilities

• Security Strategy & Governance:

• Develop and implement the organization's overall information security strategy and roadmap.

• Ensure compliance with IRDAI regulations, ISO 27001, and other applicable security standards.

• Define and manage security policies, procedures, and best practices.

• Cloud Security (AWS):

• Design, implement, and monitor security controls for AWS environments.

• Conduct regular audits, threat modeling, and vulnerability assessments.

• Manage IAM, security groups, encryption, and key management (KMS).

• Application Security:

• Perform secure code reviews and guide developers on secure coding practices.

• Integrate security testing (SAST, DAST) into the SDLC.
• Perform manual security assessment of the applications.

• Work closely with product and engineering teams to proactively identify and remediate security issues.

• Endpoint & Network Security:

• Deploy, manage, and monitor endpoint protection tools (EDR/AV).

• Implement and maintain firewalls, VPNs, IDS/IPS, and network segmentation.

• Regularly review network configurations and monitor for anomalous activity.

• Email Security:

• Implement and manage email security solutions (SPF, DKIM, DMARC, anti-phishing tools).

• Monitor and respond to email-based threats such as phishing, spoofing, and malware campaigns.

• Conduct phishing simulations and train employees on email security best practices.

• Data Loss Prevention & Zero Trust:

• Implement and manage DLP solutions to prevent data leaks and unauthorized sharing.

• Design and enforce zero trust security architecture, including identity-based access controls and continuous verification.

• Vulnerability Management:

• Establish and run a vulnerability management program including regular scanning, prioritization, and patch management.

• Coordinate with engineering teams to remediate identified vulnerabilities in a timely manner.

• Track and report vulnerability closure rates and risk reduction over time.

• Risk Management & Incident Response:

• Establish risk assessment processes and maintain a risk register.

• Develop and execute an incident response plan, lead investigations, and ensure timely remediation.

• Stakeholder Communication:

• Act as the security point-of-contact for internal teams, external partners, and auditors.

• Report security posture, risks, and mitigation status to leadership.

• Security Awareness:

• Conduct security training and awareness sessions for employees.

Qualifications & Skills

• Proven experience (5+ years) in information security, preferably in financial services, fintech, or insurance sector.
• Strong knowledge of AWS security best practices, including IAM, networking, encryption, and monitoring.
• Hands-on experience with application security, secure SDLC, and common security tools (e.g., Burp Suite).
• Solid understanding of endpoint protection technologies, network security controls, email security protocols (SPF/DKIM/DMARC), DLP solutions, zero trust principles, and vulnerability management program.
• Familiarity with IRDAI security guidelines, ISO 27001, DPDPA, and other regulatory frameworks.
• Experience with SIEM tools, vulnerability scanners, and incident response.
• Excellent problem-solving, communication, and stakeholder management skills.
• Relevant certifications such as CISSP, CISM preferred.Role & responsibilities

Preferred candidate profile