Chief Information Security Officer (CISO)

As the Chief Information Security Officer (CISO) at Galaxy Health Insurance, you will lead the development and implementation of a robust cybersecurity strategy to safeguard digital assets and data. This role ensures compliance with Indian regulations (IRDAI, DPDPA) while mitigating risks in cloud infrastructure, APIs and third-party ecosystems.

Role & responsibilities

Cybersecurity Strategy & Execution

• Design and execute a comprehensive enterprise-wide information security strategy aligned with IRDAI guidelines, ISO 27001, and global best practices.
• Secure core systems including APIs, applications, databases and cloud workloads.
• Integrate cybersecurity into digital transformation, DevSecOps, and product lifecycle initiatives.

Policies & Governance

• Define, develop, implement, and maintain information security policies, standards, and procedures.
• Ensure policy enforcement across departments through regular audits, compliance reviews and corrective action plans.
• Review and update policies in response to threat landscape changes and regulatory updates.
• Embed policy controls in business processes, vendor SLAs and IT operations.

Regulatory Compliance & Risk Management

• Ensure compliance with IRDAI cybersecurity regulations, DPDPA, HIPAA (as applicable), and ISO 27001.
• Conduct risk assessments, privacy impact assessments, and internal security audits.
• Monitor and manage cybersecurity risks related to third parties and APIs.

Security Operations & Incident Response

• Lead the Security Operations Center (SOC), incident response team, and threat monitoring processes.
• Establish and maintain robust incident response and disaster recovery plans.
• Ensure timely breach detection, containment, investigation, and regulatory reporting, especially for PII and financial data breaches.

Collaboration & Stakeholder Engagement

• Work closely with IT, application owners, operations, legal, compliance, and external providers to ensure secure operations.
• Serve as the key liaison with regulators (e.g., IRDAI), auditors, and industry bodies on security matters.
• Oversee security due diligence for partnerships, vendor onboarding, and mergers/acquisitions.

Training & Awareness

• Build and maintain an organization-wide security awareness program, including phishing simulations and secure data handling training.
• Promote a culture of security and data privacy across all levels of the organization.

Reporting & Metrics

• Provide regular reports and dashboards to executive leadership and the board on the organizations security posture, key risks, and ongoing initiatives.
• Track key risk indicators (KRIs), audit findings, and mitigation timelines.

Requirements and skills

• Bachelors or Masters degree in Information Security, Computer Science, Information Technology, or a related field.
• 10–15 years of progressive experience in information security, with at least 5 years in a leadership or CISO role, preferably within the insurance sector.
• Strong understanding of IRDAI cybersecurity regulations, HIPAA, NIST, and ISO/IEC 27001 standards.
• Hands-on expertise in cloud security, Identity and Access Management (IAM), data privacy, SOC operations, Vulnerability Assessment and Penetration Testing (VAPT) and security monitoring tools.
• Demonstrated success in managing security program governance, risk management initiatives, and regulatory audit readiness.
• Industry-recognized certifications such as CISSP, CISM, CISA, CRISC, HCISPP, or ISO 27001 Lead Implementer are highly preferred.
• Excellent leadership, communication, and stakeholder engagement skills.

Immediate availability is preferred

Perks and benefits