Chief Information Security Officer (CISO)

Role & responsibilities

Job Summary:

The Chief Information Security Officer (CISO) is responsible for developing, implementing, and overseeing the security strategy for an IT outsourcing company. The CISO will ensure the security, integrity, and compliance of client and internal IT systems while mitigating cybersecurity risks. This role involves working closely with clients, regulatory bodies, and internal teams to implement best security practices and maintain compliance with industry standards.

Key Responsibilities:

Strategic Leadership

• Develop and implement a comprehensive cybersecurity strategy aligned with business objectives.
• Lead the information security function to protect company and client data from cyber threats.
• Establish policies, procedures, and frameworks to secure IT infrastructure and outsourced services.

Security Governance & Compliance

• Ensure compliance with industry regulations, such as ISO 27001, SOC 2, GDPR, HIPAA, and other applicable security frameworks.
• Conduct regular security audits and risk assessments to identify vulnerabilities and implement corrective actions.
• Establish security governance frameworks and ensure adherence to global best practices in IT security.
• Work with legal and compliance teams to assess security risks in contracts and SLAs with clients.

Risk Management & Incident Response

• Identify, assess, and mitigate security risks related to IT outsourcing operations.
• Develop, implement, and test incident response plans to address security breaches and cyber threats.
• Monitor and analyze security incidents, ensuring timely resolution and documentation.
• Lead disaster recovery and business continuity planning efforts.

Security Architecture & Technology

• Define and oversee the implementation of security architecture for outsourced IT services.
• Collaborate with IT teams to integrate security into DevOps, cloud services, and application development.
• Evaluate and implement advanced cybersecurity tools, such as SIEM, IAM, endpoint protection (EDR/XDR), and threat intelligence solutions.
• Ensure security best practices in network, endpoint, and data protection for client engagements.
• Implement secure email gateways, DMARC, DKIM, and SPF protocols to prevent email spoofing and phishing attacks.
• Deploy and manage advanced endpoint security solutions, including next-gen antivirus (NGAV) and behavioral analytics.
• Monitor and enhance web application firewall (WAF) solutions to prevent application-layer attacks.
• Strengthen security posture with zero-trust architecture, data loss prevention (DLP), and privileged access management (PAM).

Client & Stakeholder Engagement

• Act as a trusted advisor for clients on cybersecurity and data protection matters.
• Provide security guidance and assurance during client onboarding and ongoing engagements.
• Educate clients on emerging threats and security measures to safeguard their IT assets.
• Collaborate with sales and pre-sales teams to address security concerns in RFPs and proposals.

Team Development & Security Awareness

• Build and lead a high-performing cybersecurity team within the organization.
• Develop and deliver security awareness training programs for employees and outsourced IT teams.
• Foster a culture of cybersecurity awareness across all levels of the organization.

Required Qualifications & Experience:

• Bachelors or Master’s degree in Cybersecurity, Computer Science, Information Technology, or a related field.
• 10+ years of experience in information security, with at least 5 years in a leadership role.
• Extensive experience in IT outsourcing, managed services, or cloud security.
• Certifications such as CISSP, CISM, CISA, or CCISO preferred.
• Strong knowledge of security frameworks, risk management, compliance, and cloud security.
• Expertise in securing hybrid cloud environments (AWS, Azure, Google Cloud) and SaaS-based services.
• Hands-on experience with security tools such as SIEM, IAM, endpoint security, email security gateways, and vulnerability management.
• Strong communication and leadership skills to engage with clients, executives, and technical teams.

Preferred Skills:

• Experience working with global clients and managing security for outsourced IT operations.
• Knowledge of DevSecOps practices and secure software development methodologies.
• Familiarity with emerging security technologies such as AI-driven threat detection and zero trust architectures.
• Ability to respond effectively to cybersecurity incidents and communicate risks to stakeholders.

Preferred candidate profile

Perks and benefits