Chief Information Security Officer

Chief Information Security Officer (CISO) | Mumbai LocationPosition Summary:The Chief Information Security Officer (CISO) is a senior leadership role responsible for establishing, implementing, and managing the organization's comprehensive information security strategy. With a focus on protecting company assets, customer data, and application security, the CISO will oversee risk management, compliance, incident response, and security operations while aligning security initiatives with the organization's business objectives. Key ResponsibilitiesStrategic Leadership:

• Define, implement, and maintain the organization's information security vision, strategy, and roadmap.
• Provide strategic guidance on risk management, security policies, and emerging threats to senior executives and stakeholders.
• Lead cross-functional collaboration to embed security into business processes and systems.

Risk and Security Program Management:

• Develop, enforce, and maintain comprehensive security policies, procedures, and standards.
• Conduct enterprise-wide risk assessments, vulnerability analyses, and threat modeling to address emerging risks.
• Monitor, analyze, and respond to security alerts, logs, and reports to identify potential threats.

Incident Response and Recovery:

• Oversee the creation and execution of incident response strategies and playbooks.
• Lead investigations into security incidents, coordinate remediation efforts, and develop preventive measures.
• Communicate effectively with internal teams, stakeholders, and external regulators during incident management.

Compliance and Audit:

• Ensure adherence to security regulations and standards, such as ISO27K1, HDPR, HIPPA, SOC 2, CCPA, NIST, VAPT and other industry-specific requirements.
• Lead and support internal and external audits, ensuring timely closure of findings.
• Maintain detailed documentation of security frameworks, incidents, and compliance efforts.

Security Awareness and Culture:

• Build and maintain a culture of security awareness through comprehensive training programs.
• Partner with business leaders to promote employee accountability and understanding of security best practices.

Technical Leadership:

• Oversee the implementation and operation of security tools and technologies, including SIEM, firewalls, intrusion detection/prevention systems, and encryption solutions.
• Conduct regular penetration testing, vulnerability scans, and security assessments.
• Stay informed of emerging security threats, tools, and technologies to continually enhance security posture.

Application Security Oversight:

• Collaborate with software development teams to integrate security into the Software Development Lifecycle (SDLC).
• Conduct application security reviews, vulnerability assessments, and secure code reviews.
• Establish and enforce secure coding standards, ensuring applications are designed with security as a core feature.
• Provide mentorship and training to development teams on application security principles and best practices.

QualificationsEducation:

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
• Advanced certifications such as CISSP, CISM, OSCP, CEH, or equivalent are highly preferred.

Experience:

• Minimum of 15
• 20 years of progressive experience in information security, including leadership roles.
• Demonstrated expertise in managing enterprise-wide security programs, especially within SaaS, Product, technology-driven or BFSI/ banking environments.
• Proven track record of aligning security programs with organizational objectives.

Skills and Competencies:

• Extensive knowledge of security frameworks (e.g., NIST, ISO and regulatory requirements (e.g., GDPR, SOC 2).

-Strong knowledge of cloud security best practices and experience with cloud platforms such as AWS/ GCP.

• Strong analytical and problem-solving skills with the ability to make data-driven decisions.
• Have understanding on international market security requirements.
• Exceptional leadership, communication, and interpersonal skills to influence and engage across all levels of the organization.
• Expertise in network, application, and cloud security with hands-on experience in SAST, DAST, and other application security tools.
• Proficiency in managing enterprise-grade security tools (e.g., SIEM, IDS/IPS, encryption solutions).

Note: The CISO is expected to be a strategic thinker, an innovative leader, and a technical expert, capable of safeguarding the organization against evolving threats while driving security initiatives that support business growth.