Develop and implement a comprehensive cybersecurity strategy that aligns with business objectives and regulatory requirements.
Establish cybersecurity policies, standards, and guidelines based on industry best practices and regulatory frameworks (ISO 27001, NIST, GDPR, IRDAI, RBI).
Conduct regular reviews and audits to ensure compliance with internal policies and regulatory requirements.
Conduct training sessions to enhance security awareness across the organization, ensuring all employees understand and comply with security protocols.
Collaborate with HR to maintain a cybersecurity-aware culture through regular training and education programs.
Risk Management & Compliance
Lead risk assessments to identify potential security threats and vulnerabilities, proposing effective mitigation measures.
Collaborate with Compliance and Legal teams to ensure adherence to all relevant laws and regulations in the insurance industry.
Oversee security-related regulatory reporting and documentation, maintaining clear communication with relevant regulatory bodies.
Incident Management & Response
Develop and maintain an incident response program, managing cybersecurity incidents and data breaches from detection to remediation.
Establish a robust reporting mechanism to inform stakeholders of security incidents and vulnerabilities.
Conduct root-cause analyses and implement preventive measures to reduce future incidents.
Security Architecture & Operations
Design and oversee the implementation of secure infrastructure, systems, and processes across the organization.
Manage security monitoring, intrusion detection, and vulnerability management tools, ensuring rapid identification and response to threats.
Ensure robust data protection measures, including encryption, access control, and secure storage, to safeguard sensitive information.
Stakeholder Engagement & Reporting
Act as a key security advisor to senior leadership, presenting regular updates on security status, risks, and remediation activities.
Collaborate closely with Product, Engineering, Compliance, and IT teams to embed security best practices into development processes.
Prepare and present reports for the executive team and board, translating complex security issues into actionable insights.
Requirements
Qualifications
Experience
5+ years of experience in cybersecurity, with a focus on risk management, compliance, and information security in regulated industries, preferably in Insurtech, Fintech, or Financial Services.
Proven experience managing a team of cybersecurity professionals, with a track record of successfully implementing security programs in a complex environment.
Strong understanding of regulatory and compliance frameworks such as ISO 27001, IRDAI, RBI, GDPR, and NIST, with experience in aligning security practices to meet these requirements.
Technical Skills
Proficiency in risk assessment tools, vulnerability management, and incident response protocols.
Familiarity with security technologies such as SIEM, firewalls, IDS/IPS, endpoint protection, and encryption.
Strong knowledge of cloud security, DevSecOps, and secure software development practices.
Education & Certifications
Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or related field; Master's degree preferred.
Professional certifications such as CISSP, CISM, CISA, or CRISC are desirable.
Soft Skills
Excellent problem-solving abilities with a strategic and analytical mindset.
Strong leadership, communication, and interpersonal skills, with the ability to work effectively across teams and influence stakeholders.
High ethical standards and a commitment to maintaining the confidentiality, integrity, and availability of information.