Posted on: 02/09/2025
About the Role :
We are seeking a highly skilled and visionary Chief Information Security Officer (CISO) to lead the organization's information security strategy and ensure the protection of digital assets, systems, and sensitive data.
The CISO will be responsible for developing, implementing, and overseeing enterprise-wide information security programs, policies, and governance frameworks to align with business objectives, industry standards, and regulatory requirements.
Key Responsibilities :
- Oversee the design and implementation of security architectures, frameworks, and technologies to safeguard information assets.
- Establish and maintain an enterprise-wide information security management program (ISMS) aligned with ISO 27001, NIST, COBIT, and other global standards.
- Define and enforce risk management practices, conducting regular risk assessments, threat modeling, and vulnerability management activities.
- Ensure compliance with data protection laws (GDPR, HIPAA, PCI-DSS, IT Act, etc.) and embed privacy-by-design principles into business operations.
- Drive the implementation of incident response and disaster recovery plans, leading security operations during cyber incidents.
- Collaborate with executive leadership and stakeholders to align security priorities with business goals and regulatory obligations.
- Oversee third-party/vendor risk management processes, ensuring partners adhere to security requirements.
- Conduct regular security awareness training and advisory sessions for employees, leadership teams, and the board.
- Provide leadership in adopting and integrating new security technologies such as Zero Trust, IAM, SIEM, DLP, SOAR, EDR, and Cloud Security solutions.
- Represent the organization in audit, compliance, and regulatory forums, ensuring adherence to global cybersecurity and privacy regulations.
Mandatory Requirements :
- In-depth knowledge of cybersecurity frameworks (NIST, ISO 27001, CIS Controls, COBIT).
- Strong expertise in risk management, data protection, and regulatory compliance.
- Proven ability to design and implement governance, risk, and compliance (GRC) programs.
- Hands-on experience with network security, endpoint protection, identity & access management, cloud security, and security monitoring tools.
- Strong leadership and communication skills with the ability to advise C-level executives and board members.
- Track record of handling complex cyber incidents, audits, and regulatory inquiries.
Preferred Certifications :
- CISM (Certified Information Security Manager)
- CEH (Certified Ethical Hacker)
- Additional preferred certifications : CIPP/E, CIPM, CDPO, CRISC, ISO 27001 Lead Auditor/Implementer
Soft Skills & Attributes :
- Strong problem-solving, analytical, and decision-making capabilities.
- Ability to influence stakeholders and drive organization-wide security awareness.
- Proven leadership in managing and mentoring cybersecurity teams.
Posted By
Supriya Shekhar Biswas
HR IT recruiter at Aviin Technology Business Solutions Pvt Ltd
Last Active: 3 Dec 2025
Posted in
CyberSecurity
Functional Area
Senior Management
Job Code
1539499