Chief Information Security Officer (CISO)

pxG9rDgnvZm2c86JUchT1j · Weekday's Client via platform
๐Ÿ“ Mumbai, Maharashtra, IndiaFull time

About this role

This role is for one of Weekday's clients.

Salary range: Rs 1500000 - Rs 4000000 (i.e., INR 15-40 LPA)

Experience: 10+ yrs

Location: Mumbai

Job Type: full-time

We are seeking an experienced Chief Information Security Officer (CISO) to lead and strengthen the organization's information security, cybersecurity governance, risk management, and compliance programs. This strategic leadership role is responsible for defining and executing a comprehensive security strategy that protects business-critical systems, cloud infrastructure, customer data, and enterprise applications while ensuring compliance with industry regulations and security standards.

As the CISO, you will own the end-to-end security posture of the organization, including security governance, compliance management, security operations, cloud security, privileged access management, data protection, incident response, and risk management. You will work closely with executive leadership, technology teams, auditors, regulators, customers, and business stakeholders to establish a security-first culture and ensure the organization maintains the highest standards of cybersecurity and operational resilience.

The ideal candidate combines strong leadership capabilities with hands-on technical expertise across cloud security, SIEM operations, compliance frameworks, security architecture, and enterprise risk management. This role requires a strategic thinker who can balance business objectives with evolving cybersecurity challenges while enabling secure growth and innovation.

Key Responsibilities

Security Strategy & Governance

  • Define and lead the enterprise-wide information security strategy, roadmap, policies, standards, and governance framework.
  • Establish risk management, security governance, and executive reporting mechanisms to provide visibility into the organization's security posture.
  • Build, mentor, and lead high-performing security, compliance, and governance teams.
  • Develop and maintain security frameworks that align with business objectives, customer requirements, and regulatory obligations.
  • Drive continuous improvement initiatives to strengthen organizational security maturity.

Compliance & Risk Management

  • Lead and manage compliance programs aligned with industry-recognized standards such as SOC 2 Type II, ISO 27001, and related frameworks.
  • Ensure adherence to applicable regulatory requirements, privacy laws, cybersecurity regulations, and industry-specific security obligations.
  • Manage internal and external audits, including preparation, evidence collection, remediation planning, and auditor engagement.
  • Oversee enterprise risk assessments, security reviews, and governance activities.
  • Support customer security assessments, vendor due diligence processes, risk questionnaires, and security-related RFP responses.
  • Establish and manage third-party risk management and supply chain security programs.

Security Operations & Incident Management

  • Lead enterprise security operations, monitoring, threat detection, incident response, and security event management functions.
  • Oversee deployment, optimization, and governance of SIEM platforms and security monitoring tools.
  • Develop and enhance incident response processes, escalation procedures, forensic investigations, and post-incident reviews.
  • Drive vulnerability management initiatives, penetration testing programs, remediation activities, and patch governance.
  • Establish proactive threat detection and continuous security monitoring capabilities.

Identity, Access & Data Security

  • Design and implement enterprise Privileged Access Management (PAM) strategies and controls.
  • Establish governance for privileged accounts, credential management, session monitoring, and least-privilege access models.
  • Lead Identity and Access Management (IAM) initiatives, including role-based access controls, access reviews, Single Sign-On (SSO), and Multi-Factor Authentication (MFA).
  • Define and execute enterprise Data Loss Prevention (DLP) strategies across endpoints, cloud environments, SaaS platforms, and communication channels.
  • Ensure proper classification, protection, monitoring, and handling of sensitive business and customer data.

Cloud & Application Security

  • Develop and maintain cloud security frameworks across AWS and modern cloud-native environments.
  • Implement security controls related to encryption, key management, logging, monitoring, threat detection, and secure cloud architecture.
  • Embed security practices throughout the software development lifecycle, including secure coding, application security testing, container security, and DevSecOps initiatives.
  • Oversee business continuity, disaster recovery planning, backup governance, and resilience testing programs.
  • Collaborate with engineering and infrastructure teams to ensure secure system design and deployment practices.

Executive Leadership & Stakeholder Engagement

  • Serve as the primary security leader for executive management, customers, auditors, and external stakeholders.
  • Present security metrics, risks, compliance status, and strategic initiatives to senior leadership.
  • Foster a strong security culture through awareness programs, training initiatives, and continuous engagement.
  • Influence business and technology decisions to ensure security is integrated into organizational strategy and operations.

What Makes You a Great Fit

  • 10+ years of experience in Information Security, Cybersecurity, Risk Management, or Security Operations, including leadership responsibilities.
  • Proven experience leading enterprise-wide Information Security and Security Governance programs.
  • Strong expertise in developing and implementing security strategies, frameworks, policies, and governance models.
  • Hands-on experience managing SIEM platforms, security monitoring, threat detection, and incident response programs.
  • Demonstrated success leading SOC 2 Type II, ISO 27001, and similar compliance and certification initiatives.
  • Strong understanding of Governance, Risk, and Compliance (GRC) processes and security audit management.
  • Experience implementing and managing Privileged Access Management (PAM) and Identity & Access Management (IAM) solutions.
  • Expertise in Data Loss Prevention (DLP), data protection, privacy controls, and information governance.
  • Deep knowledge of cloud security, particularly AWS security architecture, monitoring, encryption, and cloud governance.
  • Strong understanding of application security, DevSecOps, vulnerability management, and secure software development practices.
  • Familiarity with cybersecurity regulations, privacy laws, and industry compliance requirements.
  • Experience supporting enterprise customer security reviews, vendor assessments, and security due diligence activities.
  • Strong leadership, stakeholder management, communication, and decision-making skills.
  • Ability to translate complex security concepts into actionable business strategies and executive-level recommendations.
  • Professional certifications such as CISSP, CISM, CISA, CCSP, ISO 27001 Lead Auditor/Implementer, OSCP, or equivalent are highly desirable.
  • Experience working within SaaS, cloud technology, enterprise software, fintech, or regulated industries is a strong advantage.

Frequently Asked Questions

Is the salary disclosed for the Chief Information Security Officer (CISO) position at pxG9rDgnvZm2c86JUchT1j?
The salary for this Chief Information Security Officer (CISO) role at pxG9rDgnvZm2c86JUchT1j is not publicly listed. Click "Apply Now" to learn more about the compensation package on their official careers page.
Where is the Chief Information Security Officer (CISO) position at pxG9rDgnvZm2c86JUchT1j located?
This Chief Information Security Officer (CISO) role at pxG9rDgnvZm2c86JUchT1j is based in Mumbai, Maharashtra, India. The position is listed as on-site or hybrid. Check the full job description or apply directly to confirm the work arrangement.
Is the Chief Information Security Officer (CISO) role at pxG9rDgnvZm2c86JUchT1j full-time or part-time?
This is listed as a Full time position. It is posted as a Chief Information Security Officer (CISO) role in the Weekday's Client via platform department at pxG9rDgnvZm2c86JUchT1j.
Which team or department does the Chief Information Security Officer (CISO) at pxG9rDgnvZm2c86JUchT1j belong to?
This Chief Information Security Officer (CISO) position is part of the Weekday's Client via platform department at pxG9rDgnvZm2c86JUchT1j. See the full job description for more information about the team structure and responsibilities.
How do I apply for the Chief Information Security Officer (CISO) position at pxG9rDgnvZm2c86JUchT1j?
Click the "Apply Now" button on this page. You will be redirected to pxG9rDgnvZm2c86JUchT1j's official application portal, hosted on Workable, where you can submit your application directly.
When was the Chief Information Security Officer (CISO) job at pxG9rDgnvZm2c86JUchT1j posted?
This Chief Information Security Officer (CISO) position at pxG9rDgnvZm2c86JUchT1j was posted on Jun 11, 2026. Apply as soon as possible; early applications are often reviewed first.