Chief Information Security Officer

8 - 12 years

15 - 20 Lacs

Posted: 1 day ago | Platform: Naukri

Work Mode

Work from Office

Job Type

Full Time

Job Description

Job Title:

Location:

About the Role

Chief Information Security Officer (CISO)

security strategist and practitioner

Key Responsibilities

  • Security Strategy & Governance:

    • Develop and implement the organization's overall information security strategy and roadmap.
    • Ensure compliance with IRDAI regulations, ISO 27001, and other applicable security standards.
    • Define and manage security policies, procedures, and best practices.
  • Cloud Security (AWS):

    • Design, implement, and monitor security controls for AWS environments.
    • Conduct regular audits, threat modeling, and vulnerability assessments.
    • Manage IAM, security groups, encryption, and key management (KMS).
  • Application Security:

    • Perform secure code reviews and guide developers on secure coding practices.
    • Integrate security testing (SAST, DAST) into the SDLC.
    • Perform manual security assessment of the applications.
    • Work closely with product and engineering teams to proactively identify and remediate security issues.
  • Endpoint & Network Security:

    • Deploy, manage, and monitor endpoint protection tools (EDR/AV).
    • Implement and maintain firewalls, VPNs, IDS/IPS, and network segmentation.
    • Regularly review network configurations and monitor for anomalous activity.
  • Email Security:

    • Implement and manage email security solutions (SPF, DKIM, DMARC, anti-phishing tools).
    • Monitor and respond to email-based threats such as phishing, spoofing, and malware campaigns.
    • Conduct phishing simulations and train employees on email security best practices.
  • Data Loss Prevention & Zero Trust:

    • Implement and manage DLP solutions to prevent data leaks and unauthorized sharing.
    • Design and enforce zero trust security architecture, including identity-based access controls and continuous verification.
  • Vulnerability Management:

    • Establish and run a vulnerability management program including regular scanning, prioritization, and patch management.
    • Coordinate with engineering teams to remediate identified vulnerabilities in a timely manner.
    • Track and report vulnerability closure rates and risk reduction over time.
  • Risk Management & Incident Response:

    • Establish risk assessment processes and maintain a risk register.
    • Develop and execute an incident response plan, lead investigations, and ensure timely remediation.
  • Stakeholder Communication:

    • Act as the security point-of-contact for internal teams, external partners, and auditors.
    • Report security posture, risks, and mitigation status to leadership.
  • Security Awareness:

    • Conduct security training and awareness sessions for employees.

Qualifications & Skills

  • Proven experience (5+ years) in information security, preferably in the financial services, fintech, or insurance sector.
  • Strong knowledge of AWS security best practices, including IAM, networking, encryption, and monitoring.
  • Hands-on experience with application security, secure SDLC, and common security tools (e.g., Burp Suite).
  • Solid understanding of endpoint protection technologies, network security controls, email security protocols (SPF/DKIM/DMARC), DLP solutions, zero trust principles, and vulnerability management program.
  • Familiarity with IRDAI security guidelines, ISO 27001, DPDPA, and other regulatory frameworks.
  • Experience with SIEM tools, vulnerability scanners, and incident response.
  • Excellent problem-solving, communication, and stakeholder management skills.
  • Relevant certifications such as CISSP, CISM preferred.
