Chief Information Security Officer

10 years

0 Lacs

Posted: 17 hours ago | Platform: GlassDoor


Work Mode

On-site

Job Type

Full Time

Job Description

Chief Information Security Officer (CISO) & Head of Cybersecurity Practice

Location: Gurgaon, India
Experience: Minimum 10 years of progressive experience in cybersecurity leadership roles
Type: Full-time, Leadership Role
Level: Director or Sr. Director

About Incedo

Incedo is a US-based consulting, analytics, and technology services firm helping our clients achieve competitive advantage through end-to-end digital transformation. We bring in a unique combination of Consulting, Data/AI, and Digital Technologies to solve complex business problems for our global set of marquee clients. With offices across the US, Canada, Mexico, and India, and over 4,000 employees globally, we operate at the cutting edge of data, design, and technology.

Our core verticals include Telecom, Banking & Payments, Wealth Management, Hi-Tech/Product Engineering, Life Sciences/Pharma/Healthcare.

Our unique value lies in blending strong engineering, data science, and experience design capabilities with deep domain expertise, enabling us to deliver significant business impact using emerging technologies.

Job Summary

The Chief Information Security Officer (CISO) is responsible for developing, implementing, and overseeing the security strategy for an IT outsourcing company. The CISO will ensure the security, integrity, and compliance of client and internal IT systems while mitigating cybersecurity risks. This role involves working closely with clients, regulatory bodies, and internal teams to implement best security practices and maintain compliance with industry standards.

Key Responsibilities

Strategic Leadership
• Develop and implement a comprehensive cybersecurity strategy aligned with business objectives.
• Lead the information security function to protect company and client data from cyber threats.
• Establish policies, procedures, and frameworks to secure IT infrastructure and outsourced services.

Security Governance & Compliance
• Ensure compliance with industry regulations, such as ISO 27001, SOC 2, GDPR, HIPAA, and other applicable security frameworks.
• Conduct regular security audits and risk assessments to identify vulnerabilities and implement corrective actions.
• Establish security governance frameworks and ensure adherence to global best practices in IT security.
• Work with legal and compliance teams to assess security risks in contracts and SLAs with clients.

Risk Management & Incident Response
• Identify, assess, and mitigate security risks related to IT outsourcing operations.
• Develop, implement, and test incident response plans to address security breaches and cyber threats.
• Monitor and analyse security incidents, ensuring timely resolution and documentation.
• Lead disaster recovery and business continuity planning efforts.

Security Architecture & Technology
• Define and oversee the implementation of security architecture for outsourced IT services.
• Collaborate with IT teams to integrate security into DevOps, cloud services, and application development.
• Evaluate and implement advanced cybersecurity tools and threat intelligence solutions.
• Ensure security best practices in network, endpoint, and data protection for client engagements.
• Implement secure email gateways, DMARC, DKIM, and SPF protocols to prevent email spoofing and phishing attacks.
• Deploy and manage advanced endpoint security solutions, including next-gen antivirus (NGAV) and behavioural analytics.
• Monitor and enhance web application firewall (WAF) solutions to prevent application-layer attacks.
• Strengthen security posture with zero-trust architecture, data loss prevention (DLP), and privileged access management (PAM).

Client & Stakeholder Engagement
• Act as a trusted advisor for clients on cybersecurity and data protection matters.
• Provide security guidance and assurance during client onboarding and ongoing engagements.
• Educate clients on emerging threats and security measures to safeguard their IT assets.
• Collaborate with sales and pre-sales teams to address security concerns in RFPs and proposals.

Team Development & Security Awareness
• Build and lead a high-performing cybersecurity team within the organization.
• Develop and deliver security awareness training programs for employees and outsourced IT teams.
• Foster a culture of cybersecurity awareness across all levels of the organization.

Required Skills & Expertise

➢ Comprehensive Expertise in Cybersecurity Tools & Platforms: Demonstrated hands-on experience with a wide range of advanced cybersecurity technologies including Endpoint Detection and Response (EDR), Security Information and Event Management (SIEM) systems like Splunk and Microsoft Sentinel, Data Loss Prevention (DLP), Identity and Access Management (IAM), Web Application Firewalls (WAF), Firewalls, and Cloud Access Security Brokers (CASB). The CISO must be adept at selecting, implementing, and optimizing these tools to secure both internal and client-facing environments.
➢ Leadership in Cybersecurity Transformation: Proven track record of conceptualizing and leading enterprise-wide cybersecurity transformation programs, ensuring alignment with business goals, industry regulations, and emerging threat landscapes. This includes modernizing security architectures, redefining incident response frameworks, and embedding security into the company’s digital transformation journey.
➢ Cloud Security Mastery: In-depth knowledge of cloud security frameworks and implementation across major platforms such as AWS, Microsoft Azure, and Google Cloud Platform (GCP). The candidate should be capable of enforcing security controls in hybrid and multi-cloud environments, including workload protection, cloud-native controls, encryption, and identity governance.
➢ DevSecOps & Infrastructure Security: Strong understanding and practical application of DevSecOps principles, infrastructure security, and the secure software development lifecycle (SSDLC). The CISO must be able to embed security automation and compliance checks into CI/CD pipelines and promote secure coding practices.
➢ Audit & Compliance Management: Significant hands-on experience managing internal and third-party audits, overseeing regulatory inspections, and conducting enterprise risk assessments. Familiarity with compliance frameworks such as ISO 27001, SOC 2, GDPR, HIPAA, and other relevant standards for IT outsourcing firms is essential.
➢ Incident & Crisis Management: Demonstrated ability to lead cross-functional teams during critical security incidents, including managing the technical response, external communications, legal implications, and post-incident reviews. Experience handling data breaches and ransomware attacks with minimal disruption is a strong plus.
➢ Cybersecurity Analytics & Threat Intelligence: Expertise in utilizing cybersecurity analytics platforms and threat intelligence tools such as Qualys, Tenable, and commercial/government feeds to proactively detect, investigate, and respond to advanced threats.
➢ Executive-Level Communication: Excellent ability to communicate complex security concepts and risks clearly and effectively to C-suite executives, board members, clients, and regulators. Should be capable of creating board-level reports, security dashboards, and business-aligned risk assessments.

Educational & Professional Qualifications

Academic Background: A bachelor’s degree in Engineering, Computer Science, Information Systems, or a related technical discipline is required. A Postgraduate Degree or MBA is preferred to ensure a balanced perspective between business and technical leadership.

Certifications: Possession of industry-recognized certifications such as CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), CISA (Certified Information Systems Auditor), CRISC (Certified in Risk and Information Systems Control), or CCSP (Certified Cloud Security Professional) is essential, highlighting a commitment to professional excellence and continuing education in the field.

Soft Skills & Core Competencies
• Visionary Leadership: Builds and mentors high-performing, globally distributed cybersecurity teams; fosters innovation and accountability
• Strategic Execution: Balances long-term security vision with hands-on execution to drive measurable business outcomes
• Analytical Risk Management: Proactively identifies threats and mitigates risks using a data-driven, practical approach
• Ethical Leadership: Operates with integrity and transparency, ensuring compliance with all legal and regulatory standards
• Crisis Resilience: Remains calm and decisive under pressure, effectively managing incidents and audits
• Clear Communication: Simplifies complex technical issues for stakeholders; excels in documentation and board-level reporting

Why Join Us?

This is a high-impact leadership role at a pivotal moment in our growth. You will shape how we scale our product ecosystem, modernize engineering practices, and deliver value across business verticals. Join a collaborative, forward-looking team that values innovation, autonomy, and bold thinking.
