Role : Chief Information Security Officer
About the Company:
Launched in 2016, InsuranceDekho (CarDekho group) is India's leading and fastest-growing Insurtech player. It enables consumers to compare insurance policies against their requirements and offers them the best choices available for their needs. In FY 2022, InsuranceDekho sourced 1000 crore in premium and sold 1MM policies in the last 9 months. The company currently has tie-ups with 43+ insurance companies.
InsuranceDekho has offices in Gurgaon, Pune, Chandigarh, Ludhiana, Jaipur, Kolkata, Chennai, and Bengaluru.
Awarded the "Best in Class Insurtech Startup" by Global Fintech awards 2022 (https://www.linkedin.com/feed/update/urn:li:activity:6978577348031836160), the company aims to become a partner of choice for consumers, insurance companies as well as partner intermediaries in the auto, health, general, life, pet and travel insurance domains.
Job Location: InsuranceDekho, Plot no.301, Phase-2, Udyog Vihar, Gurugram-122022, Haryana
Job Title: Chief Information Security Officer (CISO)
Key Role and Responsibilities:
1. Solve business IT issues while managing costs and risks
2. Deploy applications and set up infrastructure
3. Collaborate with a diverse set of stakeholders, including global business units, functional groups, consultants, vendors and external agencies, on systems matters to establish and improve infrastructure solutions
4. Act as advisor on strategic AI, ML, IoT and data analytics projects to achieve business objectives
5. Be an effective implementer with strong interpersonal, leadership, analytical and relationship management skills
6. Implement Governance, Risk and Compliance (GRC), ensuring all ISMS and IS frameworks are in line with RBI, NHB and ISO 27001:2013 requirements
7. Define and execute cyber security policies, the Cyber Crisis Management Plan and the Cyber Security Readiness Plan
8. Implement a Data Loss Prevention programme to protect PII, business and strategic data
9. Conduct Privacy Impact Assessments to protect customer data and comply with privacy laws and regulations
10. Prepare the organization for ISO 27001:2013 certification and for the subsequent audits that sustain it
11. Leverage complete knowledge of information security topics, system architecture and internet technology to embed Governance, Risk and Compliance (GRC) programmes into the daily operations of a BFSI business, ensuring all ISMS and IS frameworks are in line with IRDA and ISO 27001 standards
12. Articulate the Information and Cyber Security Policy, Cyber Crisis Management Plan and BCMS for the organization
13. Advise management and the Board on implementing the Information and Cyber Security Policy and Framework; identify information security needs and assess risk
14. Lead an Information Security Team with the competencies needed to deliver the information security programme
15. Direct all functions pertaining to the data centre, IT infrastructure and IT application support, providing leadership for 24x7 service operations and compliance
16. Maintain Service Level Agreement (SLA) adherence, and establish a 24x7 handover mechanism, mandatory escalation metrics and delivery support based on the Information Technology Infrastructure Library (ITIL)
CISO JD Version-1.0 For Restricted Use Only
17. Ensure the organization processes personal data of staff, customers, providers and any other individuals (data subjects) in compliance with the applicable data protection rules
18. Create execution roadmaps for IT infrastructure, security, disaster recovery, business continuity, asset management, ERP, and application and software development
19. Define the IT roadmap and strategy, bridging the gap between functional groups and technology to foster targeted and innovative solution development
20. Spearhead planning and budgeting of IT infrastructure operations, control of operational and capital costs, technology implementation, transition and service delivery
21. Analyse risks, ensure compliance with IT standards and design secure solutions that support organizational objectives; evaluate ecosystems to identify risks pertaining to IT operations, business continuity readiness and process flaws
22. Define governance policies and SOPs for the various aspects of cyber security
23. Drive engagement with security vendors and ensure all reported vulnerabilities are scheduled for earliest closure
24. Maintain and follow a comprehensive security checklist covering both infrastructure and applications for deployments and provisioning
25. Beyond cloud security, create and drive security policies and frameworks for enterprise technology and on-prem infrastructure and network, such as VPN, email and vendor management
26. Guide the DevOps, technology and IT admin teams on security best practices and be the go-to person for security expertise
27. Respond to security incidents and evaluate threats to the company's platforms
28. Develop and maintain a comprehensive information security and privacy program that is aligned with business objectives and industry best practices
29. Define and implement security policies, procedures, standards, and guidelines to ensure the confidentiality, integrity, and availability of all organizational data and systems
30. Conduct regular risk assessments and vulnerability scans to identify and mitigate potential security threats and vulnerabilities
31. Lead the incident response and disaster recovery planning efforts to ensure that the organization is prepared to respond to security incidents and disasters in a timely and effective manner
32. Collaborate with cross-functional teams, including IT, Legal, Compliance, and Business Units, to ensure that security requirements are integrated into business processes and technology initiatives
33. Develop and maintain effective relationships with external partners, vendors, and regulatory bodies to ensure compliance with relevant laws and regulations
34. Manage the information security budget and staffing to ensure that the organization has the necessary resources to support the information security program
35. Provide regular reports and updates to executive management and the board of directors on the status of the information security program, including risks, threats, and compliance issues
36. Implement information security best practices by streamlining the security control environment
37. Control and monitor the risk and impact of information and cyber security threats and vulnerabilities through risk assessments and remediation processes
38. Create robust IT architectures and infrastructure
Requirements:
- 10+ years of strong Info Security & Cyber Security experience
- Bachelor's and Master's degree in computer science, information technology, or a related field
- Experience in managing a team of security specialists in a senior capacity across multiple functional areas
- Strong knowledge and understanding of information security practices and policies, including information security & cyber security frameworks, standards, and best practices and common security technologies
- Excellent leadership, communication, and interpersonal skills
- Demonstrated experience in managing complex security projects and programs
- Expertise in AWS, including EC2, IAM, CloudWatch, S3, CloudTrail, CloudFront, Config, Lambda, Security Groups, VPCs, WAF, GuardDuty, Inspector, etc.
- Experience in setting up the strategy on Disaster recovery and BCP
- Broad understanding of security services, including application architecture, security infrastructure, penetration testing, identity and access management, threat and vulnerability management, incident response, security operations and network infrastructure
- Experience with OWASP and in-depth knowledge of security frameworks such as NIST, ISO and CIS
- CISSP, CISA, CISM, and LA ISO 27001, ISO 27701 or other relevant certifications are a plus.
- Strong interpersonal skills as well as excellent written and verbal communication skills.
- Uncompromising personal and professional integrity and ethics
Certifications:
- CISSP
- CISA
- CISM
- ISO 27001 Lead Auditor or Lead Implementer
- ISO 27701
- ISO 31000