Job Title: Director Information Security
Location: Gurgaon
Preferred Department: IT & Security
Reports to: Vice President Engineering
Experience Required: 18-25 years
Employment Type: Full-time

About ReverseLogix

ReverseLogix is a rapidly growing enterprise SaaS company specializing in end-to-end returns management solutions. Headquartered in the U.S. with a strong presence in India, we are redefining how organizations handle reverse logistics through intelligent, configurable, and scalable technology. Join a dynamic team driving innovation for global brands.

Position Summary

The Director Information Security will serve as the strategic and operational leader responsible for establishing and maintaining a company-wide information security program that ensures information assets and technologies are adequately protected. This individual will lead the planning, implementation, and maintenance of the company's information security, data privacy, risk management, and compliance programs.

Key Responsibilities

1. Security Strategy & Governance
- Define and implement the company-wide Information Security strategy, aligned with business goals and compliance requirements (e.g., SOC 2, ISO 27001, GDPR).
- Develop and maintain security policies, standards, and guidelines for product, infrastructure, and internal systems.
- Own and manage the Information Security Management System (ISMS).
- Oversee risk management frameworks and ensure regular updates to the risk register.

2. Application Security
- Implement and run DAST (Dynamic Application Security Testing) tools to scan web-facing assets for vulnerabilities.
- Lead or conduct SAST (Static Application Security Testing) and dependency scanning for codebases and libraries.
- Oversee and guide the Secure SDLC process, embedding security from design to deployment.
- Collaborate closely with product and engineering teams to ensure security is a shared responsibility across the DevOps lifecycle.

3. Penetration Testing & Vulnerability Management
- Plan and conduct internal penetration testing, or coordinate third-party pen testing engagements.
- Review and interpret pen test reports, assess the severity of vulnerabilities, and lead remediation efforts.
- Own and drive the vulnerability management lifecycle, including CVE tracking and patch prioritization.
- Maintain a continuous view of the attack surface using tools

4. Security Awareness & Training (SAT)
- Implement and manage Security Awareness Training (SAT) programs company-wide (e.g., phishing simulations, secure coding practices).
- Conduct periodic security workshops for engineering and other departments.
- Ensure training is updated to reflect current threats and industry best practices.

5. Customer & Stakeholder Engagement
- Serve as the customer-facing security expert during pre-sales calls, RFP responses, security due diligence, and audit meetings.
- Prepare and present detailed InfoSec posture presentations to customers, partners, and internal executives.
- Collaborate with sales, legal, and compliance teams to respond to customer security questionnaires and reviews.
- Be available for discussions with clients in their respective time zones.

6. Data Protection & Compliance
- Review and negotiate Data Processing Agreements (DPAs) with customers and vendors to ensure compliance with data privacy laws (e.g., GDPR, CCPA).
- Drive compliance initiatives including SOC 2 Type II, ISO 27001, and other certifications as required.
- Ensure appropriate data classification, retention, and deletion policies are in place and enforced.
- Manage data breach readiness and incident response plans.

7. Security Operations & Monitoring
- Implement and manage security tools such as SIEMs, endpoint protection (EDR), firewalls, and IDS/IPS.
- Actively monitor security alerts and manage incident response when necessary.
- Investigate security incidents, perform root cause analysis, and document outcomes.
- Ensure strong IAM (Identity & Access Management) and least-privilege policies across infrastructure.

8. Leadership & Collaboration
- Lead by example as a technical authority and thought leader in security.
- Mentor junior team members and engineers interested in security.
- Collaborate across functions (product, dev, infra, HR, legal) to ensure a cohesive security culture.
- Periodically report security KPIs and posture to executive leadership and the board.

Qualifications & Skills

- Bachelor's or Master's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
- 18+ (max 25) years of progressive experience in IT Security, including leadership roles in complex enterprise environments.
- Professional certifications such as CISSP, CISM, CISA, CRISC, or ISO 27001 Lead Implementer/Auditor are highly preferred.
- In-depth understanding of information security frameworks, network security, application security, and cloud security.
- Proven track record of managing large-scale security programs and navigating security incidents.
- Experience working in high-growth, SaaS-based, or global technology environments is a strong plus.
- Strong interpersonal, communication, and stakeholder management skills.
- Experience with policies and practices for peer reviews, including security checklists.
- Ability to understand and promote the use of tools such as SonarQube.
- Ability to recognize patterns or indicators of insecure coding in sample reviews.
- Excellent oral and written communication skills for regular interactions with overseas clients, both existing and potential.

What We Offer

- A leadership role in a mission-driven company building cutting-edge technology.
- Competitive compensation.
- Opportunity to shape the cybersecurity landscape of a fast-growing enterprise.
- Hybrid work flexibility and a collaborative, innovation-first culture.