Key Responsibilities:
• Lead and evolve the enterprise cloud and application security strategy aligned with business goals.
• Collaborate with leadership, DevOps, IT, and product teams to embed security into all phases of development and operations.
• Serve as a subject matter expert (SME) for cloud and application security in internal and external audits.
• Work with legal, compliance, and privacy teams to ensure data protection policies are enforced.
• Perform regular risk assessments and ensure controls are in place to protect PHI, PII, and PFI data.
• Develop, implement, and maintain the organization’s information security strategy, policies, and procedures.
• Maintain a good understanding of security tools such as firewalls, antivirus software, EDR, IDS/IPS, and SIEM.
• Conduct regular security training and awareness programs for employees.
• Assist in preparing deliverables for the quarterly InfoSec & Risk Committee meetings.
• Drive third-party risk management and review contracts from an InfoSec perspective.
• Lead IT & InfoSec control testing and present status to management.
• Lead security certification (ISO 27001) and regulatory audits (IRDAI).
• Design and oversee implementation of cloud security controls, including IAM, encryption, key management, logging/monitoring, and network security.
• Drive Cloud Security Posture Management (CSPM) and compliance automation initiatives.
• Ensure continuous compliance with relevant standards (e.g., ISO 27001, NIST, SOC 2, PCI DSS, GDPR).
• Define secure coding practices and guidelines; conduct code reviews and threat modeling.
• Lead vulnerability management, penetration testing, and secure SDLC initiatives.
• Identify and assess risks in cloud and application environments; prioritize remediation efforts.
• Respond to and investigate cloud/application-related security incidents and breaches.
• Maintain incident response runbooks and conduct tabletop exercises.
• Lead compliance with industry standards and regulations (e.g., ISO 27001, NIST, DPDPA, PCI DSS).
Qualifications:
• Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field.
• 10+ years of experience in information security, governance, or cybersecurity roles.
• Professional certifications such as CCSP, CEH, CISSP, CISM, CISA, or equivalent are highly desirable.
• Strong knowledge of security technologies, risk management frameworks, and regulatory compliance requirements.
• Experience with cloud security (e.g., AWS, Azure), endpoint protection, network security, and application security.
• Excellent analytical, problem-solving, and communication skills.
• Ability to manage multiple projects and priorities in a dynamic environment.