29/03 Anantha Prasad
Partner at TalentOne


Chief Information Security Officer - IT/KPO (15-18 yrs)

Bangalore Job Code: 1070541

Chief Information Security Officer (CISO)


Job Summary :

Our client is looking for a qualified & highly motivated CISO who will lead our Information Security team and drive functional excellence. A key element of this role is communicating security at a strategic level to executive management, and evangelizing security across the business to drive adoption of security best practices. The focus of this role will be to oversee the Information Security, Risk Management and Business Continuity activities.

Key Responsibilities :

- Responsible for the overall corporate security of the company. This includes security of customer & internal data, product security, as well as security relating to employees and facilities.

- Develop and implement a strategic, long-term information security strategy and roadmap to ensure that the organisation's information assets are adequately protected.

- Work with senior leaders across the business to assess and communicate acceptable levels of risk.

- Identify, evaluate, and report on information security risks, practices and projects to the Senior Management, and provide subject matter expertise on security standards and best practices.

- Lead the development of up-to-date information security policies, procedures, standards and guidelines, and oversee their approval, dissemination, and maintenance.

- Ensure that the security management program is in compliance with applicable laws, regulations, and contractual requirements.

- Act as the champion for the company information security program and foster a security-aware culture.

- Oversee the evaluation, selection and implementation of information security solutions that are innovative, cost-effective, and minimally disruptive.

- Partner with product development teams to ensure that technologies are developed and maintained according to security policies and guidelines.

- Manage regular intrusion detection and vulnerability reporting, reviews by internal and external IT audit groups, and the coordination of all required fixes.

- Develop business metrics to measure the effectiveness of the security management program, and increase the maturity of the program over time.

- Monitor the industry and external environment for emerging threats and advise relevant stakeholders on appropriate courses of action.

- Oversee incident response planning and the investigation of security breaches, and assist with any associated disciplinary, public relations and legal matters.

- Oversee and lead the creation, communication and implementation of a process for managing vendor risk and other third-party risks.

- Conduct a regular Security Awareness Training program for employees.

- Audits : Conduct periodic internal information security and IT audits

- Ensure complete success with information security audits such as SOC 1 & SOC 2 conducted by external auditors

Qualifications :

- Bachelor's Degree in computer science, engineering, or a related field.

- Minimum 15 years of IT and/or business leadership experience, and 10+ years of information security / cybersecurity experience.

- A proven track record in developing information security policies and procedures, and successful execution.

- Extensive knowledge of business risk, risk assessment and risk-based decision making.

- Able to communicate security and risk-related concepts to both technical and non-technical audiences (in business terms).

- Ability to inspire and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals; an innovative leader and a problem solver.

- Ability to evangelize IT security to make it a critical part of business operations; build trust and respect for the security function.

- Excellent written and verbal communication, interpersonal and collaborative skills.

- Knowledge of security, risk and control frameworks and standards such as ISO 27001 and 27002, NIST, FISMA, COBIT, COSO and ITIL.

- Understanding of Cloud and SaaS architectures, and their implications on information security strategy.

- Technical acumen including but not limited to : IT infrastructure, cloud, tools and frameworks, database technologies, web technologies, and network architecture.

- Security technology acumen and experience including but not limited to: firewall, intrusion detection, cyber-attack tools and defenses, encryption, certificate authority, web filtering, antimalware, anti-phishing, identity and access management, multi-factor authentication.

- Professional certifications, such as CISM, CISSP.

- Hands-on experience with information security audits like SOC 1, SOC 2 and customer audits.

- Proven knowledge & experience in GDPR compliance

Women-friendly workplace:

Maternity and Paternity Benefits
