Job Description:
Information Security Governance Leader
The Information Security Governance (ISG) Leader is a senior leadership role responsible, in shared ownership with US stakeholders, for establishing, maintaining, and maturing the enterprise-wide information security governance framework. This individual will serve as a key advisor to the BISO and senior leadership, ensuring the organization's security posture is aligned with regulatory obligations, industry standards, and business objectives. The role spans three core pillars: risk and compliance, policy and standards, and audit and assurance.
Key Responsibilities
Information Security Governance & Policy Management
- Own and maintain the cybersecurity policy framework, ensuring policies are current, effective, and enforceable.
- Lead annual policy reviews and updates to reflect regulatory, business, and threat‑landscape changes.
- Ensure policies and standards align with applicable laws and regulations (e.g., NYDFS) and industry frameworks (e.g., NIST).
- Provide governance guidance on policy interpretation and applicability across business initiatives.
Risk Management & Security Assurance
- Provide governance oversight for security risks introduced through new initiatives, platforms, or architectural changes.
- Review architecture diagrams and security design / threat assessments to validate security‑by‑design principles.
- Identify and document risks where control gaps exist and ensure appropriate mitigation plans are defined and tracked.
- Support Third‑Party Risk Management (TPRM) by evaluating security integration and control effectiveness.
Technology & Innovation Governance
- Act as a security governance advisor for technology governance and innovation governance processes.
- Review and assess submissions through the Tech Governance process, including pre‑innovation, contracts, and design decisions.
- Partner with architecture, legal, and risk teams to ensure security requirements are embedded early in the lifecycle.
Regulatory, Audit & Customer Assurance
- Serve as a primary point of contact for customer and client security engagements, including:
  - SOC 2 and assurance responses
  - Security questionnaires and RFP responses
- Support regulatory exams and internal/external audits by providing governance artifacts, evidence, and control narratives.
- Ensure consistent, defensible security governance responses across customers and regulators.
Metrics, Reporting & Executive Communication
- Define, collect, and report security governance metrics across the organization.
- Lead the automation of security metrics to improve accuracy and scalability.
- Prepare and present metrics and insights into Security Working Groups and Risk Committees.
- Track and report on key indicators such as phishing campaign results and security awareness effectiveness.
Security Awareness & Culture
- Own and oversee mandatory awareness training programs.
- Lead and expand the security awareness ecosystem, including:
  - Security Champions program
  - Cybersecurity Awareness Month initiatives
- Design, deploy, and analyze phishing simulation campaigns to strengthen workforce resilience.
- Foster a culture of shared accountability for information security across the enterprise.
Qualifications & Experience
- Experience: 10+ years of experience in information security and Governance, Risk and Compliance (GRC) roles.
- Certifications: CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), or CISA (Certified Information Systems Auditor) are highly preferred.
- Framework Knowledge: Deep understanding of ISO 27001, NIST, and SOC 2.
- Soft Skills: Strong leadership and communication skills, and the ability to influence stakeholders without direct authority.
Location:
This position can be based in any of the following locations:
Chennai
Current Guardian Colleagues: Please apply through the internal Jobs Hub in Workday