Director/Head - Information Security (8-20 yrs)

- The successful candidate will be working with bleeding edge technology in an internationally established team, while having great attention to detail, being a strong team player and having excellent communication skills.

- We are looking for someone who is passionate about blockchain, eager for new challenges and ready for a new challenge. You will have a proven track record for building highly scalable, high throughput, distributed applications.

- The Role This is an opportunity to grow and lead a diverse security team comprising risk management, product & platform security, threat & vulnerability management and incident response capability pillars. You will lead the design and execution of our cyber security program as well as providing leadership and domain expertise to leaders within the business on matters pertaining to protecting digital assets and regulatory compliance.

Responsibilities:

- Leadership & Executive Engagement: Define the charter and focus areas comprising policy, process and technology controls that would act as foundation for taking risk based decisions on design, tool and spends both within and beyond cyber security

- Product Security: Evolve a culture of SSDLC to build and operate a product security testing and automation function aligned to DevSecOps philosophy with automation and developer empathy as its core constructs

- Platform Security: Work in synergy with infrastructure and product engineering teams to define baseline security configuration, build continuous visibility for detecting misconfigurations, vulnerabilities and mature remediation practises

- Contribute in maturing modern infrastructure delivery (IAC) and modern software supply chain (CICD / DevOps) practises

- Threat and Vulnerability Management: Detect, triage and operate remediation operations for misconfigurations and vulnerabilities across product, platform and identity plane as per defined SLA

- Security Operations: Set the foundation for creating incident response operations to guard against security breaches through a mixture of inhouse operations and a managed services model

Looking for:

- 7+ years with mix of technology risk, security operations and security engineering

- 2+ years of management experience with direct engagement with executive leadership

- Stakeholder management in a global setting with 3+ years of responsibility in either managing P&L or budgeting / spend decisions in a cost conscious manner

- Experience in setting or operating incident response functions involving internal and partner teams

- Knowledge of Risk Management practices including NIST, CIS, Cloud Controls and security frameworks like OWASP, CVSS, MITRE

- SME in at least 2 of the above domains

- Proficient technical & business communication skills

- Ability to decide & act in ambiguity

- Plan & operate with an agile mindset in a remote work setting.

Good To Have:

- Industry certifications e.g. CISSP, CCSP, CCSK, CISA, CISM etc.

- CSP specific certifications for cloud platforms such as Azure, AWS etc.