Head - Information Security

Bengaluru, Karnataka, India | Engineering | Full-time


Whatfix is disrupting the way Application Support and Learning content is consumed by providing Contextual and Interactive WalkThroughs inside enterprise applications at the exact time a task is being performed.

We provide enterprises with a Software Platform that allows them to create Interactive Guides or Flows that sit as an overlay inside any web application. Flows are Contextual - appear based on where you are in the application (location) and who you are (role). Optimal performance and adoption of any web application is attained when there is easy access to Contextual Information - inside the application at the time a task is being performed.

Your Opportunity

As part of the Core Team @Whatfix, you’ll have the opportunity to make a difference by uncovering vulnerabilities in our products, infrastructure and processes, and by working with the respective teams to fix them. The Head of Information Security will take on the continual development of security processes and controls within the business. You will be focused on developing and coordinating the company’s Information Security function and Disaster Recovery activities, and will have the opportunity to create and implement the security roadmap in conjunction with your team. At Whatfix, it’s all about scale. One of the key attributes of this job is that you are required to continuously innovate and apply technology to keep our IP and data safe.

Your Responsibility

  1. Provide leadership, vision and direction to the wider stakeholders in all aspects regarding security, governance and compliance. Support the business in delivering quality and compliance in order to drive down information security risk.
  2. Defend the business by building and implementing security processes and procedures in order to protect against and respond to risk. Partner with senior stakeholders to drive effective management of cyber and information security, risk, and compliance with policies and applicable regulatory requirements. Help improve the security control environment and lessen risk within the business.
  3. Deliver effective risk identification and assessment, risk response and mitigation, and risk and control monitoring and reporting outcomes. Advise management on risk and control issues and provide practical recommendations to ensure risks are appropriately managed.
  4. Promote responsible behaviour by improving the culture internally to ensure all staff are protecting against possible security incidents. Drive continuous improvement by ensuring security updates are implemented as and when necessary.
  5. Provide ongoing guidance and consultation to the organization to promote a progressive and sustainable Cyber Security program
  6. Coordinate/Monitor/Review annual audits by third party assessors
  7. Write Security Assessment Reports - After conducting thorough research and testing, document the findings, write detailed security reports and discuss solutions with Engineering/IT teams and management. Provide feedback and verification after security fixes are issued.
  8. Respond to security requirements in customer RFEs - work with Sales and Customer Success teams to close business deals by ensuring customers understand our security posture.
  9. Automate IS processes and bring in software that helps to build a strong security posture.
  10. Drive security practices and policies across Whatfix offices globally.
  11. Hire, develop and retain a strong team of Infosec engineers. Build the Security team, maintain and enhance the compliance certifications, and drive the following:
    1. Conduct tests on Networks and Applications - Perform tests on networks, web based applications and computer systems. Design these tests and tools to try to break into security protected applications and networks to probe for vulnerabilities.
    2. Physical Security Assessments - Conduct physical assessments of servers, systems and network device security. Look for ways to exploit vulnerabilities and design solutions to security issues.
    3. Conduct Security Audits - Analyze the security policies for effectiveness, make suggestions for security policy improvements and work to enhance the methodology material.
    4. Security Compliance Accreditation - we are ISO 27001 and SOC 2 compliant. Create and maintain documentation in support of current controls, policies, standards and procedures related to ISO and SOC certifications, working directly with teams to develop auditable procedures that ensure ongoing compliance.


Our Ideal Candidate

You have a deep interest and passion for technology. You love to push limits, solve technologically complex problems and enjoy working with people who will keep challenging you at every stage. You are highly analytical and have strong problem-solving, decision-making, communication and interpersonal skills. You are self-driven and motivated, with the desire to work in a fast-paced, results-driven agile environment with varied responsibilities. You are adaptable, authentic, accountable, and values-driven. You’re a team player who exhibits personal leadership and leaves things better than you found them. We’re looking for someone who always gives their best and inspires others to do the same.

Your Qualifications:

  1. 12+ years of experience in Computer Science or a related field
  2. Ability to work with teams in a collaborative and productive manner
  3. Strong computer science fundamentals in ethical hacking field
  4. Solid understanding of IT services and solutions including information security management
  5. A self-motivated learner and builder with strong customer focus and obsession with quality
  6. Strong Technical Leadership expertise
  7. Demonstrated customer service skills and ability to build strong customer relationships

Must Have:

  1. 8+ years in information security, IT audit and/or IT Risk Management experience
  2. Have held a senior security role in a professional environment
  3. Previous SOC, GDPR and/or ISO compliance program experience
  4. Experience managing third-party assessors
  5. Experience with security frameworks and regulations like NIST, SOX, HIPAA
  6. Ability to analyze functional and non-functional requirements, with effort estimation and deployment strategies
  7. Prior experience in SaaS and/or software product companies

Good to have:

  1. CEH, CISM, CISSP certifications
  2. Hands-on debugging skills
  3. Experience in client-side technologies such as GWT, jQuery
  4. Experience in programming languages like Java, SQL, JS, Python
  5. 5+ years of experience with security assessment tools like Aircrack-ng, Burp Suite, sqlmap
  6. Knowledge of analytics platforms like Google Analytics, Omniture, ELK, Mixpanel etc.

Behavioural traits:

  1. Excellent communication and technical leadership skills
  2. Can-do attitude to take big problems by the horns and solve them
  3. Ability to inspire others and be a role model and mentor for upcoming engineers in the organization
  4. Entrepreneurial spirit to conceive ideas, turn challenges into opportunities and build products

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.