SVP, Chief Information Security Officer

Infrastructure Technology

Bengaluru

Job Description

Chief Information Security Officer

LOCATION: Bangalore , India

LEVEL: Senior Vice President

About Odessa

Odessa is headquartered in Philadelphia, USA with offices in different locations across the globe. Our leasing solutions power a client base comprised of leading global financial institutions that operate across market segments. We transform bold ideas into breakthrough outcomes for clients that drive the economy through equipment and fleet leasing: IT, healthcare, transportation and more.

As the largest technology provider in the leasing industry, Odessa provides a feature-rich ERP solution with broad integrations across top CRM, G/L, tax, credit, and leading enablement applications. As a complete Platform, Odessa delivers a total solution for commercial lending companies, driving the future of asset finance. With best-in-class function.

Key Odessa Facts

Founded in 1998, 25+ years of industry experience.
1300+ Odessans working globally across multiple countries.
$150 billion net earning assets managed on our platform.
4 general commercial releases annually.

Scope of Oppurtunity

As the CISO, you will define Odessa’s overall security posture and be a member of the Leadership Team, Odessa’s Operations Committee, and Odessa’s Risk Committee. Additionally, you will chair the Technology and Information Risk working group. Your role entails representing security and technology risk management at the executive level, including regular communication with the Board of Directors and Senior executives.

Leadership and Governance

Develop and implement a strategic, long-term information security strategy and roadmap to ensure that the company's and its customers' information assets are appropriately protected. This strategy should also ensure compliance with all jurisdictional privacy and regulatory policies.
Provide leadership, guidance, direction, and independent assessments on our information security program across the organization.
Advise and partner with leadership on risk issues related to technology and information security and
recommend actions in support of the organization’s wider risk tolerance.
Monitor internal security trends and keep leadership informed of potential threats and related risk.
Monitor the industry and external environments for emerging threats, evolving vulnerabilities and advise relevant stakeholders.
Provide regular updates to the executive team and board on the security policies, governance, risks, maturity level, and status of security at the company.
Drive a strong culture of security; lead and influence necessary organizational changes, process improvements, technology selection and adoption.

Security Operations

Work with Architecture, Engineering, and Operations teams to identify and continuously maintain a comprehensive suite of security tools and monitoring technologies that integrate effectively, keep pace with evolving threats, and keep the company secure across all data centers and network operations.
Establish central security operations practice (operations and tools) that can continuously monitor, hunt, detect, and respond to threats from internet and internal network traffic, servers, endpoint devices, desktops, etc.
Management of an external managed detection and response security service provider / security operations center (MDR/SOC) including monitoring performance, continuous process improvement and MDR role expansion.
Provide guidance for business continuity planning and practices, including network redundancy, disaster recovery infrastructure planning and provisioning.
Lead security incident response and investigation at the executive level. Design and oversee response practices; including clear and consistent communication to other executives, the board of directors, customers and law enforcement/regulators as appropriate.
Coordinate and track all information technology and security related audits, including scope of audits, organizational units involved, timelines, auditing agencies and track outcomes/remediation as required.
Create and oversee penetration testing and vulnerability management efforts.

Security Engineering

Define and maintain working knowledge of security standards, frameworks, certification requirements, and accreditation standards.
Ensure our commercial software development lifecycle is secure end-to-end.
Provide security architecture reviews, recommendations, and engineering for new and emerging technology solutions.

Skills and Experience

20+ years of hands-on experience in comprehensive security leadership, with a demonstrated history of bolstering the advancement of security engineering practices.
Experience with Business Continuity planning and Disaster Recovery.
Experience setting up and managing an outsourced MDR/SOC.
Proven credibility in influencing and working effectively with peers across departmental boundaries.
Excellent leadership, people management and organizational development skills, with a demonstrated ability to motivate others in a team-oriented and collaborative environment.
Excellent verbal and written communications and interpersonal skills, with the ability to build successful relationships with all levels. Comfortable working with sponsors and board advisors.
Proven high level of integrity, trustworthiness, and confidence, as well as ability to represent the company and security leadership with the highest level of professionalism. Familiarity and experience applying various industry control and risk frameworks including: CIS, NIST CSF, MITRE, ISO 27001 etc.

EEO Statement

Odessa is an equal employment opportunity employer and does not discriminate based on race, color, national origin, religion, gender identity, sexual orientation, sex, age, disability, veteran or military status, genetic information, or any other characteristic protected by applicable law.