Talent Acquisition Team at HighRadius
Views:2548 Applications:121 Rec. Actions:Recruiter Actions:4
HighRadius - Chief Information Security Officer (15-23 yrs)
The Chief Information Security officer is responsible for driving and developing the oversight of policies, practices and programs to ensure the protection of HighRadius's networks, systems, applications, data and products. The CISO will develop, document and operate controls maximizing risk mitigation, which are compliant with industry regulations including NIST, PCI, HIPPA, SOX, SOC II Type II, CPNI, GDPR and CCPA. The CISO will work closely with the executive management team to determine acceptable levels of risk for the group and is also responsible for establishing and maintaining a corporate-wide information security management program to ensure that information assets are adequately protected.
- To provide overall direction and oversight of the strategy, development, implementation, and administration of information assurance and security policies, plans, and controls that will protect competitive corporate information
- Develop an information security vision and strategy that is aligned with organizational priorities and enables and facilitates the organization's business objectives and ensures senior stakeholder buy-in.
- Provide leadership to the enterprise's information security organization
- Setup standards and structures to facilitate information security governance structure and lead the information security steering committee
- Develop metrics / KPIs, SLAs, OLAs and continuous improvements programs to deliver transparency and accountability and providing regular reporting on the current status of the information security program to business leadership/stakeholders.
- Facilitate risk assessment and risk management processes across the organization.
- Ensure the consistent application of security policies and standards across all technology projects, systems, and services, including privacy, risk management, compliance, and business continuity management
- Develop, document and operate controls maximizing risk mitigation, which are compliant with target industry regulations including NST, PCI, HIPPA/HItech, SOX, SOC II Type II, CPNI, GDPR and CCPA
- Subject matter expert providing thought leadership on all compliance and regulatory requirements by staying updated and abreast of all the global trends in compliance and regulatory space.
- Champion education on security strategy and technology throughout the organization
- Ensure that security is integrated and embedded in the project and product delivery processes through includes secure coding training reviews, development standards, vulnerability testing, penetration testing, continuous assurance etc.
- Monitor the external threat environment for emerging threats, and advise relevant stakeholders on the appropriate courses of action; continuously improving security Health checks, understanding the risk landscape and bringing inappropriate assessments of controls, threats, incident readiness and also providing the remediation roadmaps.
- Securing the entire Infrastructure technology layer that includes Network, Server, OS, Application, Identity and access management, by implementing appropriate monitoring, control and review mechanisms thereby ensuring Service continuity and disaster recovery.
- Build a Security Operations centre (SOC) by recruiting and developing top talent. Work in tandem in a co-sourced mode or In-house mode.
- Build a highly capable SOC team that Monitors and analyzes activity on networks, servers, endpoints, databases, applications, websites, and other systems, looking for anomalous activity indicative of a security incident or compromise. Ensuring that potential security incidents are correctly identified, analyzed, defended, investigated, and reported.
- Develop and execute security risk, audit and incident management, disaster recovery and business continuity plans across the organization to ensure continuity of business operations
- Provide direction, support and in-house consulting in the event of a security event; and ensuring that business-critical services are recovered
- Manage and contain information security incidents and events to protect corporate IT assets, intellectual property, regulated data, and the company's reputation.
- Engineering/Master's Degree in IT/Computer science.
- Minimum 15 Years of experience in a combination of risk management, information security and IT roles, with at least 7 years or more experience as a security professional, preferably in Fintech space.
- At least 3 years of experience in a CISO role or at one level below in large products or banking/Financial organization.
- Hands on security professional with extensive expertise in digital and security technologies, processes and systems, global industry security standards, such as NIST, ISO 27001, ISO 22301, PCI DSS, SSAE16, etc.
- Certifications in Security Compliance (CISA, CISM, ISO 27001 LA, etc.) preferable.
- Specific experience in Agile (scaled) software development or other best in class development practices.
- Experience with Cloud computing/Elastic computing across virtualized environments
- Experience with Data Analytics Platforms and KPI Visualization Tools
- Experience Producing & Delivering Security Awareness Training.