Chief Information Security Officer

Chief Information Security Officer (CISO)

Bangalore

The CISO will provide strategic vision and leadership across the entire technology and cybersecurity landscape for Quess. This role integrates responsibility for technology innovation, digital transformation, IT operations, enterprise architecture, and end-to-end cybersecurity governance. The leader will drive technology modernization, ensure secure digital operations, oversee risk and compliance, enable business scalability, and foster a future-ready tech culture all while protecting the organization's information assets across all geographies, business units, clients, platforms and workforce environments.

Key Responsibilities:

Define, develop and execute the enterprise-wide information security strategy aligned with risk appetite and business objectives.

Establish and maintain a comprehensive Information Security Management System (ISMS) policies, procedures, controls and guidelines.

Lead Threat & Vulnerability Management, identifying and mitigating security risks across digital platforms, outsourcing services, and large distributed workforces.

Oversee security architecture for systems, networks, cloud environments, endpoints, mobile workforce and remote access.

Build and run a Security Operations Centre (SOC) and Incident Response function to detect, respond to and recover from cyber incidents.

Manage vendor and third-party security assessments across clients, partners, and service ecosystems (including PPS environments).

Ensure compliance with ISO 27001/27002, NIST, SOC2, GDPR (if applicable), PCI, IT Act, and other regulatory frameworks.

Drive security awareness and training across IT and non-IT workforce segments.

Integrate cybersecurity requirements into business continuity and disaster recovery (BCP/DR) strategies.

Deliver periodic reports to executive leadership and the Board's Risk & Compliance Committee.

Required Skills & Competencies:

Strong expertise in enterprise IT architecture, cloud platforms (AWS/Azure/GCP), DevOps, microservices, data platforms, and automation.

Proven experience leading large-scale system integrations, digital transformation programs, and IT modernization.

Ability to evaluate, adopt and scale emerging technologies such as AI, ML, RPA, low-code platforms, IoT, and analytics.

Strong program management, technology governance and vendor management capability.

Experience running global technology operations for high-volume, multi-location or workforce-intensive businesses.

Deep understanding of cyber frameworks, network and application security, cloud security, threat intelligence, SOC operations, IR, IAM, GRC.

Strong experience in risk management, regulatory compliance and security engineering in complex enterprises.

Ability to lead through crises and manage high-severity security incidents Leadership Competencies (CTO + CISO)

Strategic Thinking: Ability to align technology and security strategies with organizational goals.

Executive Communication: Able to articulate complex concepts to CEOs, Board members, business leaders, clients and technical teams.

Influence & Collaboration: Ability to drive change across global teams without relying on authority.

Team Building: Skilled in building and leading global/distributed engineering, IT and security teams.

Operational Excellence: Strong focus on process improvement, service quality and measurable outcomes.

Educational Background and Experience:

Engineering in Technology is a must, Information Security, Engineering, IT, or related fields.

16+ years of experience across technology leadership, enterprise IT, cybersecurity, digital transformation and engineering operations.

16+ years of experience across technology leadership, enterprise IT, cybersecurity, digital transformation and engineering operations.

Minimum 710 years in senior leadership roles (CTO/CIO/CISO/Head of Technology).

Certifications such as CISSP, CISM, CRISC, ISO 27001 LA/LI, TOGAF, PMP, AWS/Azure Architect are preferred.

Experience in large-scale enterprises, service providers, staffing/outsourcing, or multi-geography organizations is highly desirable.