Job Title: Director Information Security
Location:
Department:
Reports to:
Experience Required:
Employment Type:
About ReverseLogix
ReverseLogix is a rapidly growing enterprise SaaS company specializing in end-to-end returns management solutions. Headquartered in the U.S. with a strong presence in India, we are redefining how organizations handle reverse logistics through intelligent, configurable, and scalable technology. Join a dynamic team driving innovation for global brands.
Position Summary
Director Information Security
Key Responsibilities
1. Security Strategy & Governance
- Define and implement the company-wide Information Security strategy aligned with business goals and compliance requirements (e.g., SOC 2, ISO 27001, GDPR, etc.).
- Develop and maintain security policies, standards, and guidelines for product, infrastructure, and internal systems.
- Own and manage the Information Security Management System (ISMS).
- Oversee risk management frameworks and ensure regular updates to the risk register.
2. Application Security
- Implement and run DAST (Dynamic Application Security Testing) tools to scan web-facing assets for vulnerabilities.
- Lead or conduct SAST (Static Application Security Testing) and dependency scanning for codebases and libraries.
- Oversee and guide the Secure SDLC process, embedding security from design to deployment.
- Collaborate closely with product and engineering teams to ensure security is a shared responsibility across the DevOps lifecycle.
3. Penetration Testing & Vulnerability Management
- Plan and conduct internal penetration testing, or coordinate third-party pen testing engagements.
- Review and interpret pen test reports, identify severity of vulnerabilities, and lead remediation efforts.
- Own and drive the vulnerability management lifecycle, including CVE tracking and patch prioritization.
- Maintain a continuous view of the attack surface using tools
4. Security Awareness & Training (SAT)
- Implement and manage Security Awareness Training (SAT) programs company-wide (e.g., phishing simulations, secure coding practices).
- Conduct periodic security workshops for engineering and other departments.
- Ensure training is updated to reflect current threats and industry best practices.
5. Customer & Stakeholder Engagement
- Serve as the customer-facing security expert during pre-sales calls, RFP responses, security due diligence, and audit meetings.
- Prepare and present detailed InfoSec posture presentations to customers, partners, and internal executives.
- Collaborate with sales, legal, and compliance teams to respond to customer security questionnaires and reviews.
- Should be available for discussions with clients in their respective time zones.
6. Data Protection & Compliance
- Review and negotiate Data Processing Agreements (DPAs) with customers and vendors to ensure compliance with data privacy laws (e.g., GDPR, CCPA).
- Drive compliance initiatives including SOC 2 Type II, ISO 27001, and other certifications as required.
- Ensure appropriate data classification, retention, and deletion policies are in place and enforced.
- Manage data breach readiness and incident response plans.
7. Security Operations & Monitoring
- Implement and manage security tools such as SIEMs, endpoint protection (EDR), firewalls, and IDS/IPS.
- Actively monitor security alerts and manage incident response when necessary.
- Investigate security incidents, perform root cause analysis, and document outcomes.
- Ensure strong IAM (Identity & Access Management) and least-privilege policies across infrastructure.
8. Leadership & Collaboration
- Lead by example as a technical authority and thought leader in security.
- Mentor junior team members or engineers interested in security.
- Collaborate across functions (product, dev, infra, HR, legal) to ensure a cohesive security culture.
- Periodically report security KPIs and posture to executive leadership and the board.
Qualifications & Skills
- Bachelor's or Master's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
- 18+ (max 25) years of progressive experience in IT Security, including leadership roles in complex enterprise environments.
- Professional certifications such as CISSP, CISM, CISA, CRISC, or ISO 27001 Lead Implementer/Auditor are highly preferred.
- In-depth understanding of information security frameworks, network security, application security, and cloud security.
- Proven track record of managing large-scale security programs and navigating security incidents.
- Experience working in high-growth, SaaS-based, or global technology environments is a strong plus.
- Strong interpersonal communication and stakeholder management skills.
- Experience in policies and practices for peer reviews, including security checklists.
- Understand and promote the use of tools such as SonarQube.
- Be able to recognize patterns or indicators of insecure coding in sample reviews.
- Excellent oral and written communication skills for regular interactions with overseas clients, existing and potential.
What We Offer
- A leadership role in a mission-driven company building cutting-edge technology.
- Competitive compensation
- Opportunity to shape the cybersecurity landscape of a fast-growing enterprise.
- Hybrid work flexibility and a collaborative, innovation-first culture.