
Company Description
StatusNeo is a global consulting leader revolutionizing businesses with cutting-edge AI, automation, and cloud-first digital solutions. Specializing in product and platform engineering, the company is committed to delivering innovative user experiences and top-tier functionalities. As advocates of digital transformation, StatusNeo collaborates with global CXOs, driving remarkable outcomes through Digital, Data AI, and DevSecOps practices. With a highly skilled team of premier software engineers and product designers, and a strong culture of innovation, StatusNeo has proudly earned the Great Place To Work certification. Join us to be a part of a transformative journey in an exceptional work environment.
Role Description
We are seeking a Chief Information Security Officer (CISO) to join our team on-site in Gurugram in a full-time capacity. As CISO, you will be responsible for establishing and maintaining the enterprise's vision, strategy, and programs to protect information assets and technologies. This includes leading cybersecurity initiatives, developing and enforcing information security policies, and ensuring compliance with regulatory requirements. You will work closely with executive leadership to manage risk and build business continuity plans while providing oversight on application security strategies and frameworks.
1. Enterprise Security Strategy & Governance
Establish and continuously evolve the organization's global cybersecurity strategy, roadmap, and maturity targets.
Own enterprise-wide security governance, including policies, standards, controls, and risk frameworks.
Lead cross-functional steering committees and provide regular updates to the Executive Leadership Team (ELT) and Board.
2. Security Operations & Threat Defense Leadership
Oversee global Security Operations Center (SOC), including monitoring, detection, threat hunting, and incident response.
Guide the implementation and optimization of SIEM, SOAR, XDR, DLP, CASB, IAM, PAM, and other platforms.
Direct advanced threat analytics, malware investigations, red/blue/purple team exercises, and cyber readiness programs.
3. Cloud & Infrastructure Security Architecture
Architect secure cloud (AWS/Azure/GCP) and hybrid environments aligned with Zero Trust principles.
Oversee identity & access governance, conditional access, MFA, SSO, and least-privilege controls.
Ensure secure network architecture including SASE, SD-WAN, segmentation, firewall governance, topology hardening, and traffic flow analysis.
4. Compliance, Audit & Risk Management
Lead all cybersecurity certifications and regulatory compliance programs including:
ISO 27001, SOC 2, GDPR, HIPAA, PCI, FedRAMP (as applicable)
Own enterprise risk management (ERM) functions: risk assessments, DPIAs, third-party risk, vendor security, access reviews, asset governance.
Drive metrics-driven reporting using dashboards, KRIs, KPIs, and board-level scorecards.
5. Vulnerability & Exposure Management
Oversee enterprise-wide vulnerability scanning, penetration testing, attack surface management, and cloud posture security.
Ensure timely remediation SLAs and continuous hardening of infrastructure, cloud, endpoints, networks, and SaaS applications.
6. Incident Response, Forensics & Resilience
Own Incident Response Plan (IRP), crisis playbooks, cyber-forensic readiness, and breach communications.
Guide Business Continuity Planning (BCP) and Disaster Recovery (DR) resilience initiatives.
7. Security Culture, Leadership & Collaboration
Develop and mentor high-performing security engineering, GRC, and SOC teams.
Lead organization-wide security awareness and secure-by-design education for engineering, DevOps, product, and business teams.
Foster strong security partnerships across technology, operations, legal, HR, and product.
Required Experience & Background
Technical & Leadership Expertise
10-18+ years of progressive cybersecurity experience with 5+ years in senior leadership (Director, Head of Security, Deputy CISO, or CISO).
Demonstrated ability to build, scale, and lead comprehensive cybersecurity programs across hybrid, cloud-native, and distributed environments.
Proven experience managing enterprise security tools, architectures, frameworks, and regulatory compliance.
Preferred Certifications
CISSP, CISM, CCSP
ISO 27001 Lead Auditor / Lead Implementer
Additional governance or cloud certifications are a plus.
Job ID: 145352901