The Security Engineering Lead is the primary technical anchor for the organization's security posture and regulatory alignment. This role works with the Leadership team to set the long-term vision and roadmap for information security while remaining deeply embedded in the engineering lifecycle. You will lead diverse technical teams to safeguard company assets, ensure global regulatory compliance (GDPR, DPDP, ISO, etc.), and pioneer AI Native Defense mechanisms.
Key Responsibilities
- Vision & Roadmap: Work with stakeholders to set the vision, strategy, and roadmaps for organizational security and IT programs.
- AI Security & Operations: Lead the dual mandate of securing AI applications against adversarial attacks while architecting AI-leveraged workflows where autonomous agents execute defensive tasks, triage SAST/DAST analysis, and simulate rapid response (RSR) & penetration tests.
- Offensive & Defensive Operations: Oversee penetration testing and Rapid Security Response (RSR) to simulate attacks and ensure rapid threat detection and remediation.
- Shift Left Partnership: Partner with Product and Engineering teams to automate secure development practices. Drive the adoption of security tools that are compatible with the engineering ecosystem.
- Emerging Tech Governance: Define cybersecurity governance for emerging technologies.
- Techno-Legal Fluency: Act as the critical bridge between Engineering and Software Legal. Interpret license terms (MIT, Apache, GPL, etc.), evaluate IP infringement risks in AI/OSS usage, and manage Licensing FinOps.
- Data Privacy Leadership: Serve as the customer-facing SPOC for data privacy advisory (DPDP, GDPR, HIPAA, ISO 27701, etc.). Design privacy guardrails for AI/ML applications to protect PII/PHI. Lead efforts in Identity & Access Management (IAM), Privileged User Access, Data Protection, and Encryption to safeguard customer and employee data.
- Dual Audit Authority: Lead the complete audit lifecycle, from internal gap assessments and evidence management to serving as the primary Technical and Information Security SPOC for external audits (ISO, SOC 2, etc.) and customer security assessments, including security questionnaires and due-diligence reviews.
- Leadership: Build, inspire, and scale a diverse Security team. Foster a culture of trusted cross-functional partnership and continuous improvement through internal upskilling and L&D programs.
Security & Compliance Responsibilities
As part of our commitment to ISO 27001 certification, the candidate must:
- Secure Data Handling: Ensure secure data handling practices, including robust encryption at rest and in transit, and strictly managed access controls.
- Leakage Prevention: Design and build secure data pipelines specifically engineered to prevent data leakage.
- Policy Adherence: Strictly follow all data privacy, governance, and organizational ISO 27001 policies.
- Risk Management: Continuously monitor, log, and manage potential security risks within all data systems.
- Audit Readiness: Support audit readiness initiatives and uphold rigorous data protection standards.
Role Requirements
- Experience: Proven track record in developing information security policies and successfully executing programs within an Agile/Engineering environment. Experience in a client-facing service environment, managing multiple stakeholders and translating technical debt into business risk. Prior software development experience would be an added advantage.
- Education: Bachelor's degree in Computer Science, Cybersecurity, or related field. Advanced certifications (e.g., CISSP, CISM, or CIPP) are highly preferred.
- Communication: Outstanding negotiation skills and the ability to build strong narratives that highlight the importance of security to both technical and non-technical audiences.