jobseeker Logo
Now Apply on the Go!
Download iimjobs Jobseeker App and get a seamless experience for your job-hunting
31/07 Priyanka
Senior Manager at Girnarsoft Cardekho

Views:438 Applications:80 Rec. Actions:Recruiter Actions:14

InsuranceDekho - Chief Information Security Officer (10-12 yrs)

Gurgaon/Gurugram Job Code: 1294921

Role : Chief Information Security Officer

About the Company:

Launched in 2016, InsuranceDekho (Cardekho group) is India's leading and fastest growing Insurtech player. It enables its consumers to compare different insurance policies based on their requirements and offer them the best choices available as per their needs. In FY 2022, InsuranceDekho sourced 1000 crore premium and also sold 1MM policies in the last 9 months. The company currently has tie-ups with 43+ insurance companies.

InsuranceDekho has offices in Gurgaon, Pune, Chandigarh, Ludhiana, Jaipur, Kolkata, Chennai, and Bengaluru.

Awarded the "Best in Class Insurtech Startup" by Global Fintech awards 2022 (, the company aims to become a partner of choice for consumers, insurance companies as well as partner intermediaries in the auto, health, general, life, pet and travel insurance domains.

Job Location: InsuranceDekho, Plot no.301, Phase-2, Udyog Vihar, Gurugram-122022, Haryana

Job Title: Chief Information Security Officer (CISO)

Key Role and Responsibilities:

1. Able to solve business IT issues while managing costs and risks

2. Deployment of various applications, and set up of infrastructures

3. Collaborated with a diverse set of stakeholders entailing Global Business Units, Functional Groups, Consultants, Vendors, External Agencies on matters relating to systems for establishing & improving infrastructure solutions

4. Shouldered the responsibility as an Advisor for strategic projects for implementation of various AI, ML, IOT, Data Analytics Projects etc. to achieve business objective

5. Should be an effective implementer with strong interpersonal, leadership, analytical and relationship management skills

6. Implementation of Governance, Risk, and Compliance (GRC) to ensuring all ISMS and IS Frameworks in-line with RBI, NHB ISO 27001:2013 standards.

7. Define and execution of Cyber Security Policies, Cyber Crisis Management Plan and Cyber Security Readiness Plan.

8. Data Loss Prevention program implementation to protect PII, business and strategic data.

9. Privacy Impact Assessment to protect the customer data and in compliance with Privacy Laws and regulation.

10. Preparing organization for ISO 27001:2013 certification and accreditation sustenance audits.

11. Leveraging complete knowledge of information security topics, system architecture and internet technology to promote and support Governance, Risk, and Compliance (GRC) programs into daily operations of BFSI; ensuring all ISMS and IS Frameworks in-line with IRDA and ISO 27001 standards

12. Articulating Information and Cyber Security Policy, Cyber Crisis Management Plan & BCMS for the organization

13. Advising the Management and Board in implementation of Information and Cyber Security Policy and Framework; identifying the information security needs and assessing the risk

14. Leading the Information Security Team with appropriate competencies to deliver the information security program

15. Directing all the functions pertaining to Data Centre, IT Infrastructure, IT Application Support, Leadership for delivery of 24-7 service operations and compliance

16. Maintaining Service Level Agreement (SLA) adherence, establishing a 24-7 handover mechanism, mandatory escalation metric and delivery support based on Information Technology Infrastructure Library (ITIL) CISO JD Version-1.0 For Restricted Use Only | pg. 2

17. Ensuring that organization processes personal data of staff, customers, providers, or any other individuals (data subjects) in compliance with the applicable data protection rules

18. Creating execution roadmaps for IT infrastructure, security, disaster, business continuity plans, asset management, ERP, application & software development

19. Defining IT Roadmap & Strategy and bridging the gap between functional groups & technology to foster targeted and innovative solution development

20. Spearheading planning & budgeting of IT Infrastructure Operations, control of operational and capital costs, technology implementation, transition, and service delivery

21. Analyzing risks, ensuring compliance to IT standards, and designing secure solutions that support organizational objectives; evaluating ecosystems to identify risks pertaining to IT operations, business continuity readiness & process flaws

22. Defining governance policies and SOP's for various aspects of cyber security

23. Drive the engagement with Security Vendors and make sure all the reported vulnerabilities are planned for earliest closure

24. Maintaining and follow a comprehensive Security Checklist on Infrastructure as well as Application side for deployments and provisioning

25. Apart from Cloud Security, create & drive the best of security policies and frameworks on the enterprise technology and on-prem infrastructure & network like VPN, Email and Vendor management etc.

26. Guide the devops, technology and IT admin teams on security best-practices and be the go-to person for expertise on security

27. Responding to security incidents and evaluating threats to Elara platforms

28. Develop and maintain a comprehensive information security and privacy program that is aligned with business objectives and industry best practices

29. Define and implement security policies, procedures, standards, and guidelines to ensure the confidentiality, integrity, and availability of all organizational data and systems

30. Conduct regular risk assessments and vulnerability scans to identify and mitigate potential security threats and vulnerabilities

31. Lead the incident response and disaster recovery planning efforts to ensure that the organization is prepared to respond to security incidents and disasters in a timely and effective manner

32. Collaborate with cross-functional teams, including IT, Legal, Compliance, and Business Units, to ensure that security requirements are integrated into business processes and technology initiatives

33. Develop and maintain effective relationships with external partners, vendors, and regulatory bodies to ensure compliance with relevant laws and regulations

34. Manage the information security budget and staffing to ensure that the organization has the necessary resources to support the information security program

35. Provide regular reports and updates to executive management and the board of directors on the status of the information security program, including risks, threats, and compliance issues

36. Implementation of Information Security Best Practices by streamlining the security control environment

37. Control/monitor the risk & impact of Information / Cyber Security Threats and Vulnerabilities through risk assessments & remediation processes

38. Create robust IT Architectures & Infrastructures


- 10+ years of strong Info Security & Cyber Security experience

- Bachelor's & Master degree in computer science, information technology, or a related field

- Experience in managing a team of security specialists in a senior capacity across multiple functional areas

- Strong knowledge and understanding of information security practices and policies, including information security & cyber security frameworks, standards, and best practices and common security technologies

- Excellent leadership, communication, and interpersonal skills

- Demonstrated experience in managing complex security projects and programs

- Expertise in AWS including EC2, IAM, CloudWatch, S3, CloudTrail, CloudFront, Config, Lambda, Security Groups, VPCs, WAF, Guard Duty, Inspector, etc.

- Experience in setting up the strategy on Disaster recovery and BCP

- Broad understanding of security services including; application architecture, security infrastructure, penetration testing, identity & access management, threat and vulnerability management, incident response, security operations, network infrastructure.

- Experience in OWASP and In-depth knowledge of security frameworks, such as NIST, ISO, and CIS.

- CISSP, CISA, CISM, and LA ISO 27001, ISO 27701 or other relevant certifications are a plus.

- Strong interpersonal skills as well as excellent written and verbal communication skills.

- Uncompromising personal and professional integrity and ethics





- ISO-27001 Lead Auditor

- ISO 27701

- ISO 31000

- ISO 27001 Lead Auditor or Lead Implementer

This job opening was posted long time back. It may not be active. Nor was it removed by the recruiter. Please use your discretion.

Women-friendly workplace:

Maternity and Paternity Benefits

Add a note
  • Apply
  • Assess Yourself
  • Save
  • Insights
  • Follow-up
Something suspicious? Report this job posting.