Chief Information Security Officer

About UsKshema General Insurance Limited (Kshema) was established in 2018 and is India's only Digital Agri Insurance Company catering to farmers/cultivators in the Agriculture Sectors. Kshema enables cultivators with resilience from financial distress due to extreme climate events and perils through localised insurance products.

Kshema is leveraging Technology to provide cutting edge insurance solutions to farmers. Kshema has a pan India presence with more than 500 employees on roles along with 500 employees as contractors. Job DescriptionThe Opportunity:At Kshema, we are re-imagining agricultural insurance with the power of Public Cloud, GIS, Remote-sensing, and cutting-edge AI-based algorithms to assess, model, and price insurance risks for farmers adequately.

We are taking the latest advances in Mobile, Geospatial technologies, and the web to empower the next generation of agricultural insurance. The CISO shall be responsible for driving the organization's cyber security strategy and ensuring compliance to the extant regulatory/statutory instructions on information/ cyber security. You will be responsible for enforcing the policies that a regulated entity uses to protect its information assets apart from coordinating information / cyber security-related issues within the regulated entity as well as with relevant external agencies.

Roles and responsibilities:Define Information Security Roadmap for the organization with a futuristic vision. Develop, implement, and monitor a strategic, comprehensive enterprise information security and IT risk management program

Lead, Implement, and Review Hardware, Network, and Software Security Standards and Security Controls within the Organization, to protect systems, data, and assets from both internal and external threats and prevent information and data loss/frauds. Identify and Implement Security Assessment and Testing Processes across the organization, including but not limited to Penetration Testing, Secure Software Development, Vulnerability Management, etc. Identify

Best Security Products/Tools for various purposes and implementation of same. Proactively Monitor and identify Security Issues and potential threats, new vulnerabilities/threats and continuously improve security standards within the organization. Own and conduct Information Security awareness training/orientation for all company employees.

Implement and lead Security Assessment practices including Security Audits, Information Security Reviews, etc. …Provide strategic risk guidance and consultation for IT Projects, including security risk assessment of Implementation Architecture, technical standards, and protocols. Real-time analysis, investigations, and forensics, if a need arises and ensure to avoid and strengthen security measures.

Develop strategies to handle security incidents and trigger investigations. Regular Stakeholder communication on Information and Data Security Practices and Activities. Creating and implementing a strategy for deploying information security technologies and solutions to minimize the risk of cyber-attacks.

Conducting a continuous assessment of current IT security practices and systems and identifying areas for improvement. Ensuring compliance with the latest regulations and compliance requirements. Developing and implementing business continuity plans.

Desired Skills and Experience:Engineering Graduate/ Post-Graduate in related field such as Computer Science, IT, Electronics and Communications or a Cyber Security related field. Minimum of 15 years' experience in risk management, information security, or cyber security. Strong knowledge of information security management frameworks, such as ISO/IEC 27001 and NIST.Good Understanding of DevSecOps, Secure SDLC, Security Automation, Security Testing Concepts, DR & BCP ConceptsExperience in financial forecasting and budget management.

Familiarity with Industry Security Standards and Protocols, Information and Data Privacy Regulations relevant to our organization. Ability to manage ambiguity and find suitable solutions to complex problems. Experience with contract and vendor negotiations and management including managed services.

Specific experience in Agile (scaled) software development or other best in class development practices. Ability to work with cross-functional teams, collaborate and set a good example as a leader. Certifications such as CISSP, CEH, CISA and CISM along with deep implementation experience will be an added advantage.

Proven knowledge and exposure in designing, implementing and operating security in one or two of the public clouds from AWS, Azure, Oracle and GCP.Excellent written and verbal communication skills and high level of personal integrity

Excellent presentation skills

Prior knowledge/exposure working for Payments/Banking/Fintech domains is essential.