Role Overview
The Chief Information Security Officer (CISO) will be responsible for developing, implementing, and overseeing the organization's information security strategy, governance, and risk management framework. This is an individual contributor role, focused on driving enterprise-wide security initiatives without direct team management, while working closely with leadership and cross-functional stakeholders.
Key Responsibilities
- Define and maintain the organization's information security roadmap, policies, and standards.
- Lead risk assessments, VAPT, and compliance with frameworks such as ISO 27001, NIST, CIS, and SEBI / RBI regulations (where applicable).
- Manage incident response, investigation, and reporting processes for security events.
- Conduct periodic security audits, gap analyses, and vendor risk assessments.
- Partner with IT, Legal, and Compliance teams to ensure alignment with data protection and privacy regulations.
- Evaluate and implement security tools and technologies for threat detection, prevention, and response.
- Present periodic security posture updates, audit findings, and recommendations to senior management.
Required Qualifications & Experience
- Bachelor's or Master's degree in Information Technology, Computer Science, or a related field.
- 10+ years of experience in information security, with strong exposure to governance, risk, and compliance.
- Proven expertise in ISO 27001, VAPT, network and application security, and regulatory compliance.
- Certifications such as CISA, CISM, CISSP, CEH, or ISO 27001 Lead Auditor/Implementer preferred.
- Strong analytical, documentation, and presentation skills.
- Ability to work independently and influence stakeholders across multiple functions.
Preferred Attributes
- Experience in Fintech, BFSI, or regulated environments.
- Strategic thinker with a hands-on approach to problem-solving.
- Strong communication skills with the ability to explain complex security topics to non-technical audiences.
