Kshema - Chief Information Security Officer (15-18 yrs)

About Organization :

At Kshema, we are re-imagining agricultural insurance with the power of Public Cloud, GIS, Remote-sensing and cutting-edge AI-based algorithms to assess, model and price insurance risks for farmers adequately. We are taking the latest advances in Mobile, Geospatial technologies and the web to empower the next generation of agricultural insurance.

The Opportunity:

The CISO shall be responsible for driving organization's cyber security strategy and ensuring compliance to the extant regulatory / statutory instructions on information/ cyber security.

You will be responsible for enforcing the policies that a regulated entity uses to protect its information assets apart from coordinating information / cyber security related issues within the regulated entity as well as with relevant external agencies.

Roles and responsibilities :

- Define Information Security Roadmap for the organization with a futuristic vision.

- Develop, implement, and monitor a strategic, comprehensive enterprise information security and IT risk management program

- Lead, Implement and Review Hardware, Network and Software Security Standards and Security Controls within the Organization, to protect systems, data and assets from both internal and external threats and prevent information and data loss/frauds.

- Identify and Implement Security Assessment and Testing Processes across the organization, including but not limited to Penetration Testing, Secure Software Development, Vulnerability Management etc.

- Identify Best Security Products/Tools for various purposes and implementation of same.

- Proactively Monitor and identify Security Issues and potential threats, new vulnerabilities/threats and continuously improve security standards within the organization.

- Own and conduct Information Security awareness training/orientation for all company employees.

- Implement and lead Security Assessment practices including Security Audits, Information Security Reviews etc.

- Provide strategic risk guidance and consultation for IT Projects, including security risk assessment of Implementation Architecture, technical standards, and protocols.

- Real-time analysis, investigations, and forensics, if a need arises and ensure to avoid and strengthen security measures.

- Developing strategies to handle security incidents and trigger investigation.

- Regular Stakeholder communication on Information and Data Security Practices and Activities.

- Creating and implementing a strategy for the deployment of information security technologies and solutions to minimize the risk of cyber-attacks.

- Conducting a continuous assessment of current IT security practices and systems and identifying areas for improvement.

- Ensuring compliance with the latest regulations and compliance requirements.

- Developing and implementing business continuity plans.

Desired Skills and Experience :

- Engineering Graduate/ Post-Graduate in related field such as Computer Science, IT, Electronics and Communications or a Cyber Security related field.

- Minimum of 15 years' experience in risk management, information security, or cyber security.

- Strong knowledge of information security management frameworks, such as ISO/IEC 27001 and NIST.

- Good Understanding of DevSecOps, Secure SDLC, Security Automation, Security Testing Concepts, DR & BCP Concepts

- Experience in financial forecasting and budget management.

- Familiarity with Industry Security Standards and Protocols, Information and Data Privacy Regulations relevant to our organization.

- Ability to manage ambiguity and find suitable solutions to complex problems.

- Experience with contract and vendor negotiations and management including managed services.

- Specific experience in Agile (scaled) software development or other best in class development practices.

- Ability to work with cross functional teams, collaborate and set a good example as a leader.

- Certifications such as CISSP, CEH, CISA and CISM along with deep implementation experience will be an added advantage.

- Proven knowledge and exposure in designing, implementing and operating security in one or two of the public clouds from AWS, Azure, Oracle and GCP.

- Excellent written and verbal communication skills and high level of personal integrity

- Excellent presentation skills

- Prior knowledge/exposure working for Payments/Banking/Fintech domains is essential