hirist

Junglee Games - Head of Product Security

Junglee Games
12 - 18 Years
Multiple Locations

Posted on: 05/05/2026

Job Description

About the Role :


We are looking for a seasoned Security Leader to build and scale a world-class security and privacy function for a high-growth, high-scale gaming platform. This role will anchor our cybersecurity, data protection, and regulatory compliance charter, ensuring alignment with global standards such as GDPR, DPDP, NIST, ISO 27001, and SOC 2.

You will partner with global stakeholders and represent the organization's commitment to secure, compliant, and resilient systems at scale.


Key Responsibilities :


1. Security Strategy & Governance :

- Define and execute an enterprise-wide information security and privacy strategy aligned with business scale and global regulatory requirements

- Build a risk-based security program leveraging NIST Cybersecurity Framework (CSF) and Risk Management Framework (RMF)

- Establish governance models aligned to ISO 27001 controls and SOC 2 trust service criteria

- Provide leadership visibility into cyber risk, compliance posture, and regulatory readiness across GDPR and DPDP


2. Regulatory Compliance & Data Privacy (GDPR + DPDP) :

Lead end-to-end compliance with :

- GDPR (General Data Protection Regulation) for global user base

- India's Digital Personal Data Protection (DPDP) Act

- Implement and scale :

1. Consent management frameworks and audit trails

2. Data principal rights management (access, correction, erasure)

3. Purpose limitation and data minimization practices

4. Ensure privacy-by-design and privacy-by-default principles across all products

5. Drive Data Protection Impact Assessments (DPIA) and regulatory readiness

6. Establish controls for cross-border data transfers and localization requirements


3. Security Frameworks & Certifications (NIST, ISO 27001, SOC 2) :

Design and operationalize controls aligned with :

- NIST CSF and NIST 800 series (including 800-53, secure SDLC practices)

- ISO 27001 ISMS framework (implementation, certification, and continuous improvement)


- SOC 2 (Type I & Type II) compliance and audit readiness


- Lead control mapping, gap assessments, and continuous maturity enhancements


- Own relationships with external auditors, certification bodies, and regulatory agencies


4. Infrastructure & Cloud Security :

1. Secure cloud-native environments (AWS/GCP/Azure) and distributed systems at scale

2. Implement security controls aligned with NIST and ISO 27001 standards

- Drive initiatives across :

1. Identity & Access Management (IAM)

2. Encryption (at rest and in transit)

3. Network and endpoint security

4. Protect systems against DDoS, bot attacks, fraud, and real-time gaming threats


5. Application & Product Security :

- Embed DevSecOps practices aligned with NIST secure development guidelines and SOC 2 requirements

- Lead threat modeling, secure architecture reviews, and penetration testing

- Ensure secure-by-design product development across all engineering teams


6. Security Operations & Incident Response :

- Build and scale Security Operations (SOC) aligned with NIST incident response framework

- Develop and operationalize :

1. Threat detection and response mechanisms

2. Incident management and forensic capabilities

3. Breach notification processes aligned with GDPR and DPDP

4. Conduct regular cyber drills and tabletop exercises


7. Risk Management & Audit :

- Establish a comprehensive risk management program aligned with NIST RMF

- Define and track security KPIs and KRIs mapped to ISO 27001 and SOC 2 controls

- Lead internal and external audits, compliance reviews, and certification processes

- Ensure continuous control monitoring, reporting, and remediation


8. Global Stakeholder Engagement :

- Partner with international business, legal, and technology teams

- Represent the organization in :

1. Regulatory discussions and audits

2. Enterprise customer security reviews

3. Industry security forums and benchmarking exercises


What We're Looking For :


- Experience of 12 - 18 years in Information Security / Cybersecurity, with leadership experience in high-scale environments


- Proven experience driving compliance across GDPR, DPDP, ISO 27001, and SOC 2

- Hands-on experience implementing NIST-based security programs


Technical & Functional Expertise :


Strong expertise in :

- NIST CSF / RMF frameworks

- ISO 27001 ISMS design and implementation

- SOC 2 audit readiness and control environments

- Data privacy frameworks including GDPR and DPDP

- Deep understanding of cloud security, application security, IAM, and data protection


Certifications (Preferred) :


i. CISSP, CISM, CISA

ii. ISO 27001 Lead Implementer / Lead Auditor

iii. Privacy certifications (CIPP / CIPM)
