Chief Information Security Officer

Position Title: Chief Information Security Officer (CISO)
Location: Hyderabad, India - Work From Office 5 days a week

Reports To: Chief Technology Officer (CTO)
Department: Information Security
Position Type: Full-time, Executive Level

Job Summary

The Chief Information Security Officer (CISO) at Foundation AI will lead the company's information security strategy and practices across its SaaS platform, ensuring the security, confidentiality, and compliance of all internal systems, client data, and AI-powered solutions. This is an onsite executive leadership role designed for a highly experienced information security professional with a strong background in SaaS environments, AI-driven technologies, and regulatory frameworks. As the CISO, you will be responsible for aligning the company's information security strategy with business objectives, protecting the company's data assets, and ensuring that Foundation AI meets or exceeds all security and privacy standards, including SOC 2, ISO 27001, HIPAA, and others relevant to our industry.

You will act as the primary advisor on all matters of cybersecurity, risk management, and compliance for both internal and client-facing systems. The CISO will also work closely with the executive leadership team, product development, IT, legal, and operations teams to enforce best practices, mitigate risks, and drive initiatives that protect Foundation AIs digital assets and reputation.

Key Responsibilities

1. Information Security Leadership & Strategy

• Develop and implement a comprehensive information security strategy for Foundation AI, aligning with overall business goals and regulatory requirements.
• Lead the creation of information security policies, procedures, and standards that support security across all operations and SaaS products.
• Serve as the internal and external spokesperson for information security, providing thought leadership on cybersecurity best practices, risk management, and compliance frameworks.
• Build and manage a cross-functional security team to support the company's security objectives.

2. Risk Management and Compliance

• Oversee the design and implementation of risk management frameworks to identify, assess, and mitigate security risks across the organizations IT infrastructure and SaaS offerings.
• Ensure that Foundation AIs products and services adhere to industry-specific compliance standards, including SOC 2, ISO 27001, HIPAA, and GDPR.
• Maintain an understanding of evolving cybersecurity threats and regulatory changes, ensuring compliance and risk mitigation strategies are up to date.
• Lead the preparation for and execution of audits and assessments, ensuring all security controls are thoroughly tested and compliant with external auditors.

3. Security Operations and Incident Management

• Design, implement, and monitor a security operations center (SOC) strategy to ensure the ongoing detection, prevention, and response to cyber threats.
• Establish and maintain incident response procedures, including root cause analysis and post-incident reviews.
• Lead proactive security assessments, vulnerability management, penetration testing, and risk assessments to uncover and address potential security gaps.
• Collaborate with product engineering teams to embed security by design into all product development cycles and SaaS offerings.

4. Data Privacy and Protection

• Implement a robust data protection and privacy strategy, ensuring that all sensitive data is securely handled in accordance with legal and regulatory requirements.
• Drive the companys adherence to data privacy laws, including GDPR, CCPA, and other regional and global privacy frameworks.
• Partner with product teams to develop secure AI and data-driven solutions that prioritize privacy and protect customer data at every touchpoint.

5. Vendor and Third-Party Risk Management

• Oversee the vendor and third-party risk management process, ensuring that all external partners and service providers meet Foundation AIs stringent security and compliance standards.
• Conduct regular security evaluations of third-party vendors, particularly those that have access to sensitive customer data or critical infrastructure.

6. Security Awareness & Training

• Lead the creation of a company-wide security awareness program to educate employees about potential threats, phishing attacks, and best practices in information security.
• Organize regular training sessions, simulations, and security drills for employees to maintain a high level of vigilance and responsiveness to cybersecurity incidents.

7. Board and Executive Reporting

• Regularly report to the CEO and board members on the status of information security, risk management, and compliance initiatives.
• Prepare executive-level briefings, highlighting security risks, mitigation strategies, and ongoing improvements.

Qualifications

Experience

• At least 10 years of experience in information security, with a proven track record in managing security operations, risk management, and compliance within a SaaS or technology-driven environment.
• Prior experience as a Chief Information Security Officer (CISO), vCISO, or in a senior security leadership role, preferably within a high-growth startup or enterprise SaaS company.
• Extensive experience with security frameworks such as SOC 2, ISO 27001, HIPAA, PCI-DSS, NIST, and GDPR.
• Hands-on experience with managing security architecture, incident response, data protection, vulnerability management, and security operations centers (SOC).
• Deep understanding of cloud security practices, particularly in AWS, Azure, or Google Cloud environments, and how these apply to SaaS products and solutions.

Technical Skills

• In-depth knowledge of network and application security, encryption, identity and access management (IAM), multi-factor authentication (MFA), and endpoint security.
• Experience in securing AI-driven solutions, ensuring that AI models and data pipelines are robust against adversarial attacks and data privacy breaches.
• Proficiency in security tools such as SIEM, vulnerability scanners, DLP systems, intrusion detection/prevention systems, and firewall configurations.
• Hands-on experience with data loss prevention (DLP) tools, encryption technologies, and network segmentation in cloud-based environments.

Education and Certifications

• Bachelors degree in Computer Science, Information Security, or a related field. A Masters degree is a plus.
• Professional security certifications such as CISSP, CISM, CISA, or CISA certifications are highly preferred.
• Cloud security certifications (e.g., AWS Certified Security Specialty, Certified Cloud Security Professional (CCSP)) are highly desirable.

Skills & Competencies

• Leadership: Strong leadership and management skills, with the ability to influence and drive security culture at all levels of the organization.
• Strategic Thinking: Ability to align security initiatives with business objectives and communicate security risks in terms understood by executives and stakeholders.
• Problem Solving: Excellent analytical skills to identify vulnerabilities, assess risks, and resolve complex security challenges.
• Collaboration: Ability to work collaboratively across departments, including legal, IT, engineering, and operations teams.
• Communication: Excellent verbal and written communication skills, with experience in preparing high-level reports and presentations for executives and board members.
• Adaptability: Ability to thrive in a fast-paced startup environment and manage competing priorities effectively.

Why Foundation AI?

• Impact: Work for a leading company at the intersection of AI and automation, driving business transformation through cutting-edge technologies.
• Growth: As part of a rapidly expanding company ranked among the top startup employers, you'll have ample opportunities for professional development and career growth.
• Culture: Foundation AI fosters a culture of innovation, collaboration, and diversity. Join a team where your contributions will shape the future of AI-powered document processing and automation.