Role Details
- Role Title: Chief Information Security Officer
Background to the role
The Chief Information Security Officer (CISO) is responsible for developing and implementing the overall security strategy for [Company Name], an insurance company. The CISO will ensure the protection of information assets, IT infrastructure, applications, and data owned or managed by the organization, and compliance with industry-specific regulations. This leader will work closely with executive leadership, IT teams, operations teams, and external partners to design and enforce a robust cybersecurity posture across all aspects of the business.
Key Responsibilities
Strategy & Governance
- Develop and implement the enterprise-wide information security strategy, aligning with business objectives and regulatory requirements.
- Lead the Information Security Governance, Risk, and Compliance (GRC) program to ensure a proactive approach to cybersecurity risk management.
- Establish and maintain a comprehensive Information Security Management System (ISMS) aligned with industry standards (e.g., ISO 27001, NIST frameworks).
- Provide regular reporting on the security status of the organization to executive leadership and the board of directors.
- Develop and oversee cybersecurity budgets and resource allocation, ensuring optimal use of resources.
IT and Cloud Security
- Define and manage IT and cloud security strategies, ensuring secure deployment and management of cloud-based services.
- Implement security controls for corporate IT infrastructure, including network security, endpoint protection, identity and access management (IAM), and data loss prevention (DLP).
- Ensure effective monitoring, detection, and response to security threats and incidents within the IT and cloud environments.
Application Security
- Develop and oversee secure software development practices, ensuring that security is integrated into all phases of the application lifecycle.
- Implement secure coding standards, code reviews, and vulnerability scanning for internally developed and third-party applications.
- Lead efforts to mitigate application-level threats such as SQL injection, cross-site scripting (XSS), and insecure APIs.
Supplier and Third-Party Security
- Establish and maintain a supplier security management program to assess and manage cybersecurity risks from third-party vendors.
- Work closely with procurement and supplier management teams to ensure that security standards are embedded in supplier contracts and procurement processes.
- Regularly assess suppliers and third-party service providers for adherence to cybersecurity requirements.
Regulatory Compliance
- Ensure compliance with all relevant industry regulations and standards, including those related to insurance and data protection (e.g., IRDAI requirements, the DPDP Act), and applicable cybersecurity frameworks.
- Monitor emerging regulatory requirements and adjust security strategies to ensure continuous compliance.
- Oversee audits, security assessments, and certifications to validate the company's security posture.
Incident Response & Threat Management
- Develop and lead the organization's incident response strategy, ensuring rapid containment and remediation of security incidents.
- Oversee the Security Operations Center (SOC) and ensure 24/7 monitoring, threat detection, and incident response capabilities.
- Lead investigations into security breaches and manage communications with internal stakeholders, regulators, and law enforcement when necessary.
Leadership and Team Management
- Build, develop, and lead a high-performing cybersecurity team, fostering a culture of security awareness across the organization.
- Provide leadership, mentoring, and development opportunities to team members, ensuring continuous professional growth.
- Collaborate across departments to promote a strong cybersecurity culture, including organizing training and awareness programs for employees.
Experience Requirements
- Minimum of 15 years of experience in information security management roles, with at least 5 years in a cyber security leadership position.
- Proven experience in developing and implementing cybersecurity strategies.
- Experience with IT security, cloud security, and application security.
Education Requirements
- Bachelor’s or Master’s degree in Information Security, Computer Science, Engineering, or a related field.
- Professional certifications such as CISSP, CISM, CISA (at least one) are highly desirable.