Associate Director

Our Story

Founded in 2021 by Aadit Palicha and Kaivalya Vohra, Zepto is on a mission to save your time -making every second count towards life's real joys. Our platform has revolutionised rapid commerce in India with cutting-edge technology and strategically optimised delivery hubs. Zepto offers an extensive range of 45,000+ products, from fresh groceries to electronics, beauty essentials, apparels, toys and more, delivering across 50+ cities in 10 minutes.

Zepto Café extends our commitment to convenience, featuring a curated menu of over 200 fresh items.

About the Role: Associate Director - IT Security

We are seeking a highly experienced Associate Director of IT Security to lead and transform our organization's cybersecurity strategy. The ideal candidate will bring comprehensive expertise in developing, implementing, and managing robust security frameworks across multiple domains, with a proven track record of protecting complex IT environments.

Key Responsibilities

1. Security Strategy and Governance

• Develop and implement comprehensive IT security strategies
• Design and maintain a robust information security management system
• Lead ISO 27001 security implementation and certification processes
• Ensure alignment of security initiatives with business objectives
• Develop and enforce enterprise-wide security policies and procedures

2. Security Operations Center (SOC) Management

• Design, establish, and lead Security Operations Center (SOC) capabilities
• Implement and optimize SIEM (Security Information and Event Management) tools
• Develop SOC operational procedures and incident response protocols
• Manage security monitoring, threat detection, and incident investigation processes
• Implement advanced threat correlation and analysis techniques

3. Compliance and Risk Management

• Manage compliance requirements across multiple industries
• Conduct comprehensive security risk assessments
• Develop and implement risk mitigation strategies
• Ensure adherence to regulatory standards and best practices
• Prepare and maintain documentation for security audits

4. Endpoint and Network Security

• Oversee implementation of Endpoint Detection and Response (EDR) solutions
• Manage endpoint security strategies across the organization
• Develop and enforce system security policies
• Implement and maintain comprehensive network security measures
• Design and execute advanced threat protection strategies

5. Phishing and Social Engineering Defense

• Develop comprehensive anti-phishing strategies
• Implement advanced phishing detection and prevention tools
• Create and maintain phishing simulation and awareness programs
• Deploy email security solutions with anti-phishing capabilities
• Develop incident response procedures for phishing and social engineering attacks

6. Identity and Access Management

• Lead implementation of identity management solutions
• Develop and enforce access control policies
• Manage multi-factor authentication strategies
• Implement privileged access management
• Ensure robust user authentication and authorization processes

7. Email and Internet Security

• Implement advanced email security tools
• Develop comprehensive internet security strategies
• Manage email and web-based threat protection solutions
• Create and enforce email and internet usage policies
• Implement advanced threat detection mechanisms

8. Security Architecture and Infrastructure

• Design and maintain a comprehensive security architecture
• Ensure integration of security solutions across IT infrastructure
• Develop security reference architectures
• Evaluate and implement cutting-edge security technologies
• Manage security tool ecosystem and technology stack

9. Incident Response and Threat Management

• Develop and maintain incident response plans
• Lead forensic investigations of security incidents
• Implement advanced threat hunting capabilities
• Create and maintain security operations protocols
• Develop rapid response strategies for emerging threats

10. Security Awareness and Training

• Design and implement security awareness programs
• Develop training curricula for employees
• Create security culture across the organization
• Conduct regular security awareness sessions
• Develop metrics to measure security awareness effectiveness

11. Vendor and Technology Management

• Evaluate and select security technology vendors
• Manage security technology partnerships
• Conduct thorough vendor security assessments
• Negotiate security technology contracts
• Stay updated on emerging security technologies

12. Strategic Leadership

• Provide strategic direction for IT security teams
• Build and mentor high-performance security teams
• Develop career growth paths for security professionals
• Foster a culture of continuous learning and improvement
• Represent IT security at executive leadership levels

Qualifications and Requirements

Professional Experience

• Minimum 15 years of comprehensive IT security experience
• Proven track record of leading enterprise-wide security initiatives
• Extensive experience in implementing ISO 27001 security frameworks
• Demonstrated expertise across multiple security domains

Technical Expertise

Deep knowledge of:

• Security Operations Center (SOC) operations
• SIEM (Security Information and Event Management) tools
• Endpoint Detection and Response (EDR)
• Endpoint Security Solutions
• System Security Policies
• Identity Management Solutions
• Email Security Tools
• Internet Security Tools
• Network Security Technologies
• Phishing detection and prevention tools
• Advanced threat protection solutions

Compliance and Regulatory Knowledge

• Comprehensive understanding of security compliance requirements
• Experience with multiple industry regulatory standards
• Ability to navigate complex compliance landscapes

Certifications

• CISSP (Certified Information Systems Security Professional)
• ISO 27001 Lead Auditor Certification
• SOC 2 Certification preferred
• Additional security certifications (CISM, CISA, CEH) preferred

Education

• Bachelor's degree in Computer Science, Information Technology, or related field
• Master's degree in Cybersecurity or related discipline preferred