We are seeking a strategic and experienced Director of Information Security to lead our organization’s information security program. This role will be responsible for safeguarding our information assets, ensuring compliance with industry standards, and managing security risks across all business operations. The ideal candidate will have extensive knowledge of risk management, business continuity, cloud infrastructure, and regulatory compliance.
Balancing security posture with business realities
The candidate is expected to reconcile Exotel’s business interests and constraints with security requirements and help bridge the gap between them.
Collaboration with technology and product teams
The candidate is expected to work closely with the tech and product teams to ensure the best outcome from a product and security roadmap point of view without compromising on either. The candidate should have the ability to work with a pod of engineers and guide them on the technical work needed to close security gaps in the product.
Add business value from a Security POV
The candidate is expected not only to understand the security aspects of Infosec but also to understand the business value that it adds, and to work with the pricing team to include security packs that can be sold to customers.
Information Security Risk Management:
Develop, implement, and maintain an information security risk management framework. Conduct regular risk assessments and ensure risks are effectively mitigated.
Business Continuity and Disaster Recovery (BC/DR):
Establish, maintain, and test business continuity and disaster recovery plans to ensure operational resilience. Lead efforts to prepare for and respond to incidents.
Third-Party Vendor Risk Management:
Oversee the assessment and management of third-party vendor security risks. Ensure compliance with security policies and standards among all vendors.
OWASP Vulnerability Management:
Implement security measures based on OWASP guidelines. Regularly assess and remediate vulnerabilities in applications and systems.
Cloud Infrastructure Security:
Maintain expertise in cloud security best practices and ensure secure configurations. Monitor cloud environments for compliance and security threats.
Customer Interaction:
Serve as the primary point of contact for security-related inquiries from customers. Communicate security initiatives and policies to stakeholders.
RFP Management:
Manage the security components of Request for Proposal (RFP) processes. Collaborate with internal teams to provide necessary documentation and assessments.
SOC Command Operations:
Oversee Security Operations Center (SOC) functions, including incident detection, response, and management. Ensure effective monitoring and reporting of security events.
Brand Monitoring:
Implement brand monitoring strategies to protect the organization’s reputation from potential security threats.
Implementation of Standards:
Lead the implementation and maintenance of information security standards such as ISO 27001, PCI-DSS, SOC 2 Type, GDPR, and DPDP. Ensure ongoing compliance with these frameworks.
Networking Knowledge:
Utilize networking knowledge to enhance security measures across all platforms and ensure secure network configurations.
Education:
Bachelor’s degree in Information Technology, Cybersecurity, or a related field; Master’s degree preferred.
Experience:
Minimum of 15 years of experience in information security, with at least 5 years in a leadership role.
Certifications:
Relevant certifications such as CISSP, CISA, or equivalent are highly preferred.
Strong understanding of information security risk management principles.
Expertise in business continuity planning and disaster recovery.
Proficient in third-party vendor risk management processes.
Familiarity with OWASP and vulnerability management practices.
In-depth knowledge of cloud infrastructure security.
Excellent communication and customer interaction skills.
Experience managing RFP processes and documentation.
Strong leadership and team management abilities.
Knowledge of ISO 27001, PCI-DSS, SOC 2 Type, GDPR, and DPDP compliance.
Understanding of networking concepts and practices.
Strong technical knowledge and understanding to guide engineers in implementing the security aspects identified.
Strong understanding of the communication domain, to the extent that the applicability of compliance requirements (such as GDPR, ISO, PCI-DSS, etc.) to the communication domain is well understood.
Last updated on Sep 25, 2024