Director, Information Security

• Leadership and Team Building:

  Build and lead skilled Information Security, Governance, Risk and Compliance teams in India, fostering collaboration, innovation, and continuous improvement.

• Strategic Planning and Implementation:

  Develop and execute a comprehensive information security strategy aligned with Toasts business objectives and global security framework.

• Security Operations:

  Manage daily security operations, including incident response, vulnerability management, and threat intelligence. Lead security awareness initiatives to enhance the organizations defense posture.

• Compliance and Risk Management:

  Ensure compliance with relevant industry standards / regulatory requirements (e.g. SOX, PCI, SOC, etc) and internal policies. Proactively identify, assess, and mitigate compliance and security risks.

• Collaboration and Communication:

  Work closely with cross-functional teams, including Engineering, IT, Operations, Enterprise Risk, and Legal, to integrate security into all aspects of the business. Communicate effectively with senior leadership and stakeholders on security risks and initiatives.

• Innovation and Adaptation:

  Stay abreast of emerging security threats and technologies, and adapt security strategies and controls accordingly. Support security as a culture of yes, unblocking engineering and product innovation wherever possible.

Qualifications:

• Extensive Experience:

  10+ years of experience in information security, compliance, and risk management, with demonstrated success in leading security teams and initiatives.

• Strong Leadership Skills:

  Ability to inspire and motivate teams, build strong relationships, and influence at all levels of the organization.

• Technical Expertise:

  Expertise in cybersecurity technologies, risks and controls processes, best practices, and emerging threats.

• Strategic Thinking:

  Ability to develop and implement strategic security initiatives aligned with business goals. Creative and open to interpretation in security architecture and design. Not rigid in implementation of security standards.

• Problem Solving and Decision Making:

  Ability to analyze complex security issues, identify root causes, and develop effective solutions.

• Excellent Communication Skills:

  Ability to communicate technical concepts clearly and concisely to both technical and non-technical audiences.

• Industry Knowledge:

  Strong knowledge of security frameworks and regulations such as: PCI DSS, SOC, SOX, NIST CSF, and ISO 27001.

Additional Considerations:

• Experience in the technology, payment card or financial services industry is a plus.
• CISSP, CISM, or other relevant security certifications are highly desirable.
• Strong understanding of cloud security and data protection principles.
• Experience with security incident response and forensic investigations.
• Experience with supporting security in cutting-edge software or hardware development organization