RateGain - Head - Information Security & Data Privacy

About RateGain:

RateGain Travel Technologies Limited is a global provider of SaaS solutions for travel and hospitality that works with 3,200+ customers and 700+ partners in 100+ countries helping them accelerate revenue generation through acquisition, retention, and wallet share expansion.RateGain today is one of the world's largest processors of electronic transactions, price points, and travel intent data helping revenue management, distribution and marketing teams across hotels,airlines, meta-search companies, package providers, car rentals, travel managementcompanies, cruises and ferries drive better outcomes for their business. Founded in 2004 and headquartered in India, today

RateGain works with 26 of the Top 30 Hotel Chains, 25 of the Top 30 Online Travel Agents, 4 of the Top 5 Airlines, and all the top car rentals, including 16 Global Fortune 500 companies in unlocking new revenue every day.

Our Vision:

To offer an integrated technology platform powered by artificial intelligence enabling our customers to increase their revenue through guest acquisition, retention and wallet share expansion.-

Responsibilities:

We are seeking Head of Information Security and Data Privacy, who will take the helm in leading the following:

- Information security at the enterprise level, encompassing both Application security and Cloud security

- Certification Compliance for standards such as ISO, SOC, PCI DSS

- Data Privacy. GDPR and CCPA readiness and compliance.

Key Objectives and Responsibilities:

Cloud Security:

- Design, implement, and manage security measures for cloud-based infrastructure, ensuring the confidentiality, integrity, and availability of data.

- Conduct regular security assessments and audits of cloud environments to identify and remediate vulnerabilities.

- Collaborate with cross-functional teams to integrate security best practices into cloud-based solutions.

Application Security:

- Develop and implement strategies for securing applications throughout the software development lifecycle (SDLC).

- Conduct code reviews and provide guidance to development teams on secure coding practices.

- Perform application security assessments, penetration testing, and vulnerability assessments.

Identity and Access Management (IAM):

- Incident Response and Threat Detection: Develop and implement incident response plans for cloud environments and applications.

- Monitor and analyze security logs to detect and respond to security incidents in a timely manner.

Security Compliance:

- Ensure compliance with industry standards and regulations related to cloud security and application security.

- Work with internal and external auditors to demonstrate compliance with security policies and procedures.

Security Automation:

- Implement and maintain security automation tools and scripts to streamline security processes.

- Identify opportunities for automation to enhance the efficiency and effectiveness of security operations.

Security Awareness:

- Develop and implement security awareness programs for employees.

- Train staff on security best practices and protocols.

Data Privacy:

- Lead and oversee the implementation and maintenance of GDPR and CCPA compliance programs.

- Conduct thorough assessments to ensure alignment with the regulatory requirements and address any gaps.

- Conduct PIAs to identify and address potential privacy risks associated with data processing activities.

- Provide recommendations for mitigating privacy risks and ensuring compliance with regulations.

Education & Work Experience:

- 14+ years of experience.

- Experience with a global footprint.

- Proven expertise in developing and implementing enterprise strategies and programs for the effective management of information and technology risks.

- Familiarity with common information security management frameworks, including ISO/IEC 27001 and NIST.