Information Security Officer (ISO)

Location

Work from home | India

Job description

As Windmill Digital s ISO, you ll play a pivotal role in guiding our information security and data privacy initiatives.

We seek a seasoned professional to leverage their extensive knowledge and hands-on expertise to fortify our cybersecurity posture, aligning with our growth trajectory.

Key Responsibilities :

• Security Architecture & Strategy :

  • Design and develop a holistic information security and data privacy program, scaling with company growth.
  • Formulate best practices and set security standards, while preparing and documenting SOPs and protocols.
  • Spearhead security assessment processes, encompassing penetration testing, vulnerability management, and secure software development.
  • Expand security tooling and automation efforts across the organization.

• Threat Management & Mitigation :

  • Proactively spot security issues and threats, devising robust processes and systems to safeguard against them.
  • Steer compliance endeavors, including external audits, regulatory compliance initiatives, and overarching security evaluations.
  • Convey infosec and data privacy operational goals, relaying their impact to stakeholders.

• Engage with outside stakeholders, encompassing customers, partners, compliance bodies, and other legal/regulatory authorities.
• Deliver strategic risk guidance, evaluating and suggesting technical standards and controls.
• Set in place a robust incident management process.

• 5 to 8 years of proven information security management experience.
• Bachelor s degree in Computer Science, Cybersecurity, or related fields.
• Certifications like CISSP and/or CISA are preferred.
• Expertise in compliance, especially in frameworks such as COBIT, ITIL, ISO27001/2, NIST, and SOC2.
• Hands-on experience in security assessment, cloud architecture, threat modeling, and policy drafting.
• In-depth comprehension of Secure SDLC, DevSecOps, or security automation.
• Ability to communicate effectively with external Data Privacy and Info Sec representatives.
• Knowledge of key legislations like HIPAA, SOX, PCI, and GDPR.
• ISO27001 auditor or implementer experience can be additional plus

Job tags

Salary