Senior Information Security Officer
KloudGin is looking for a Senior Information Security Officer to work with us on a continuous focus towards securing our organization and applications from information security, application security and infrastructure security threats. The candidate would be expected to implement security best practices suited to the company and its applications. This covers everything from complex groups of back-end servers to the network and the applications running on them.
- To provide overall direction and oversight of the strategy, development, implementation, and administration of information assurance and security policies, plans, and controls that will protect stakeholder (client, employees and corporate) information.
- Develop an information security vision and strategy that is aligned with organizational priorities and enables and facilitates the organization's business objectives and ensures senior stakeholder buy-in.
- Provide leadership to the enterprise's information security organization.
- Set up standards and structures to facilitate the information security governance structure, and lead the information security steering committee.
- Develop metrics / KPIs, SLAs and continuous improvement programs to deliver transparency and accountability, and provide regular reporting on the current status of the information security program to business leadership/stakeholders.
- Facilitate risk assessment and risk management processes across the organization.
- Ensure the consistent application of security policies and standards across all technology projects, systems, and services, including privacy, risk management, compliance, and business continuity management.
- Develop, document and operate controls to minimize risk that comply with target industry regulations and frameworks including NIST, PCI, HIPAA/HITECH, SOX, SOC 2 Type II, CPNI, GDPR and CCPA.
- Subject matter expert providing thought leadership on compliance and regulatory requirements by staying updated and abreast of all the global trends in compliance and regulatory space.
- Champion education on security strategy and technology throughout the organization.
- Ensure that security is integrated and embedded in the project and product delivery processes through controls such as secure coding training, reviews, development standards, vulnerability testing, penetration testing and continuous assurance.
- Monitor the external threat environment for emerging threats and advise relevant stakeholders on the appropriate courses of action; continuously improve security health checks, understand the risk landscape, bring in appropriate assessments of controls, threats and incident readiness, and provide remediation roadmaps.
- Secure the entire infrastructure technology layer (network, server, OS, application, identity and access management) by implementing appropriate monitoring, control and review mechanisms, thereby ensuring service continuity and disaster recovery.
- Develop and execute security risk, audit and incident management, disaster recovery and business continuity plans across the organization to ensure continuity of business operations.
- Set up and manage privacy practices within the company.
- Manage and contain information security incidents. Provide direction, support and in-house consulting in the event of a security event, and ensure that business-critical services are recovered. Front client communication and pull together the necessary stakeholders.
- Interact with prospects and clients on security related topics and communicate security posture of the company.
- Facilitate / coordinate external audits and regulatory inspections while ensuring compliance and governance requirements are met.
- Engineering/Master's degree in IT/Computer Science.
- Minimum 10-12 years of experience in a combination of risk management, information security and IT roles, with at least 5 years of experience as a security professional. Bachelor's degree or related experience.
- Certifications in Security Compliance (CISA, CISM, CISSP, OSCP etc.).
- At least 2 years of experience in a Senior Information Security Officer role in a software products or services company.
- Hands-on security professional with extensive expertise in digital and security technologies, processes and systems, and global industry security standards such as NIST, ISO 27001, ISO 22301, PCI DSS, SSAE16, etc.
- Experience with Cloud computing/Elastic computing across virtualized environments.