Kshema - Chief Information Security Officer

CISO (Security Principal)

- Immediate Joiners are preferred

Functional & Technical Responsibilities:

- Develop, implement, and monitor a strategic, comprehensive enterprise information security and IT risk management program.

- Work directly with CRO (Chief Risk Officer) and various functional teams to facilitate risk assessment and risk management processes.

- Develop and enhance an information security management framework.

- Ensure consistent application of security policies and processes across all technology projects, systems, and services.

- Provide leadership to the enterprise's information security organization.

- Own and conduct Information Security awareness training/orientation for all company employees.

- Partner with business stakeholders across the company to raise awareness of Information Security processes.

- Ensure compliance with all applicable cybersecurity standards including ISO 27001, NIST, SOC-2 etc.

- Conduct periodic Vulnerability Assessment and Penetration testing (VAPT) of IT network.

- Work with 3rd party certification vendors to facilitate various Cybersecurity audits as per the regulatory requirements.

Required Knowledge & Experience:

- Minimum 12+ years of experience in a combination of risk management, information security and IT

- Experience of common information security management frameworks, such as ISO/IEC 27001, SOC-2, NIST etc.

- Experience conducting Information Security training for various functional teams.

- Experience conducting Vulnerability Assessment and Penetration Testing of various cloud [AWS, MS Azure, GCP] based IT networks.

- Experience w.r.t framing and implementing various security policies and processes.

- Excellent written and verbal communication skills and high level of personal integrity

- Excellent presentation skills

- Innovative thinking and leadership with an ability to lead and motivate cross-functional, interdisciplinary teams.

- Experience with contract and vendor negotiations and management including managed services.

- Specific experience in Agile (scaled) software development or other best in class development practices.

- Experience with Cloud computing/Elastic computing across virtualized environments.

- Professional security management certification viz. CISM, CISSP etc. will be an added advantage.

Educational Qualification - B.E/B.Tech/M.E/M.Tech Computer Science/EE/E&C/IT