Director of Information Risk and ComplianceChargebee • Chennai, Republic Of India, IN

Director of Information Risk and Compliance

Chargebee • Chennai, Republic Of India, IN

12 days ago

Job description

Role Purpose

The Director / Head of Information Security will lead Chargebee’s Corporate Information Security function, working in close partnership with the Enterprise Cyber security (ECS) which manages product and infrastructure security and Corporate IT (which manages employee systems, devices, and operations) teams.

This role focuses on strengthening enterprise-wide governance, compliance, and risk management by designing new security capabilities while leveraging existing technical and operational controls across the broader ecosystem.

The leader will own the ISMS (ISO 27001 Program), Incident Management, Data Protection, Endpoint Security, and other GRC (Governance, Risk & Compliance) programs that protect our people, systems, and customers.

The ideal candidate will enable Chargebee to stay audit-ready, resilient, and trusted by customers as we continue to scale globally.

Key Responsibilities

1. Information Security Strategy & Governance

Lead the design and execution of Chargebee’s enterprise security strategy aligned with business goals
Own and continuously improve the Information Security Management System (ISMS) under ISO 27001, SOC 2, PCI DSS, and GDPR.
Establish and maintain the security governance framework, policies, and standards across business units.
Drive adoption of a unified security maturity model and track progress across all security domains.
Report quarterly to senior leadership on posture, risks, incidents, and roadmap progress.

2. Program Ownership Across Core AORs

Own and mature the following functions and teams :

ISMS & ISO 27001 Program – Governance, internal audits, controls, SoA, and certification management.

Corporate Incident Management (CIM) – Centralized IR process, playbooks, RCA / CAPA, and coordination of each incident, coordinating Product security, Global Technology Infrastructure and internal operations team

Data Leakage Prevention (DLP) – Policy, enforcement, and insider data risk management of corporate systems and corporate technology (Collaboration and knowledge management systems).

AI information Security Governance – AI risk reviews, usage policy, vendor evaluation, and compliance oversight of corporate information systems and Corporate Technology.

Security Awareness Program – Continuous education, phishing simulation, and behavioral improvement of corporate information systems and Corporate Technology.

Corporate IT Risk Management – Risk register, reviews, and treatment lifecycle of corporate information systems and Corporate Technology.

Business Continuity Program (BCP) & Data Recovery (DR) (Corporate) – Continuity governance, simulation testing, recovery validation of corporate information systems and Corporate Technology.

Policy Governance – Centralized authoring, review, communication, and adoption tracking of corporate information systems and Corporate Technology.

Access Governance (RBAC) – Access policy, JML automation, and certification reviews of all systems, product operations and corporate systems and technology.

Endpoint Security (Systems & Hardware) – Device hardening, monitoring, and compliance visibility of corporate information systems and Corporate Technology.

GTM Trust Enablement (RFP / RFI) – Customer trust documentation, security questionnaires, SLAs in response to processes and governance related questions referring to Chargebee’s corporate information systems and Corporate Technology.

3. Operational Execution & Oversight

Establish a centralized incident classification and escalation model for all business functions.

Drive RCA & CAPA closure across incidents and audits;

ensure risks are documented and tracked.

Maintain audit and evidence readiness for customer and external certifications.

Oversee DLP and endpoint monitoring, ensuring response workflows are automated and integrated.

Partner with ECS and IT to embed security by design into products, infrastructure, and employee systems.

Assist in responding to customer RFP’s to clarify and confirm Chargebee’s information security and corporate systems compliance

4. Risk, Compliance, and Reporting

Maintain the enterprise security risk register;

ensure high / critical risks have defined treatment and ownership.

Manage ISO internal audits and, surveillance reviews, and customer due diligence requests.

Develop and publish quarterly security KPIs and KRIs, including metrics on incidents, risk aging, compliance, and awareness.

Lead regular security governance reviews with senior leadership, providing updates on posture, risks, and strategic initiatives

5. People Leadership & Culture

Build and lead a high-performing infosec team across GRC, Risk, DLP, IR, and Awareness.

Partner cross-functionally with IT, ECS, Legal, HR, Comms, Risk & Compliance, and GTM enablement functions..

Promote a culture where security is everyone’s responsibility through communication, enablement, and collaboration.

Mentor, coach, and grow internal talent to scale the security program sustainably.

Create a job alert for this search

Director Information • Chennai, Republic Of India, IN

Related jobs

Director of Information Technology

Pathways World School • New Delhi, Republic Of India, IN

We are seeking a dynamic and visionary Chief Information Officer (CIO) to lead the Group’s IT, digital, and technology transformation agenda. The CIO will define and implement a comprehensive IT str...Show more

Last updated: 20 days ago • Promoted

Director, Compliance

Capital One • Republic Of India, IN

The Compliance Advisor Director performs a key risk management role (second line of defense), to help ensure corporate initiatives and lines of business processes comply with applicable laws and re...Show more

Last updated: 12 days ago • Promoted

Director Of Corporate Information Security

Chargebee • Chennai, Republic Of India, IN

Last updated: 12 days ago • Promoted

Head of Information Security and Compliance

Career Stone Consultant • Republic Of India, IN

The job purpose is to lead and implement comprehensive cybersecurity and information security.Responsible for data privacy protection, infrastructure security, vendor management, and fostering a.Se...Show more

Last updated: 14 days ago • Promoted

Head of Corporate Information Security

Chargebee • Chennai, Republic Of India, IN

Last updated: 12 days ago • Promoted

Information Technology Risk Manager

National Payments Corporation Of India (NPCI) • India

We are looking for Operational IT Risk professional who have good experience into IT Risk.Mode of Operation : work from office. Education : Engineering Background (BE / BTech into computer or equivalent...Show more

Last updated: 2 days ago • Promoted

Compliance Director

JobsFlix • Republic Of India, IN

Policy and program development : Designs, implements, and manages the organization's.This includes creating and updating policies and. Risk assessment : Conducts regular risk assessments to identify p...Show more

Last updated: 4 days ago • Promoted

Information Technology Governance Manager

Kotak Mutual Fund • India

Position : Governance, Risk & Compliance (GRC) Specialist.We’re seeking a skilled GRC professional to lead governance, risk management, and compliance initiatives across IT and cybersecurity domains...Show more

Last updated: 2 days ago • Promoted

Director of IT Infrastructure and Security

Cheers Interactive • Republic Of India, IN

We are seeking an experienced and innovative Director-IT Infra to lead our IT Infrastructure and IT Security teams.The ideal candidate will drive the management and strategic oversight of on premis...Show more

Last updated: 30+ days ago • Promoted

Director of Product Security

WhiteSlips Job Management Consultants • India, India

Advance and execute a software supply chain security development strategy to include Identify security risk and vulnerabilities across client's supply chain partners as well and track implementatio...Show more

Last updated: 20 hours ago • Promoted • New!

Cybersecurity and Information Security Director

Career Stone Consultant • Republic Of India, IN

Last updated: 14 days ago • Promoted

Regional Information Security Lead

Talent et au-dela • Pune, Republic Of India, IN

Regional Chief Information Security Officer (CISO).We’re looking for a bold, high-caliber cybersecurity leader ready to fast-track into a full CISO role within six months.This role is ideal for a d...Show more

Last updated: 6 days ago • Promoted

Director, Information Systems Audit

EXECUTIVE HUNT • Republic Of India, IN

Ther role is based out of Kuala Lumpur, Malaysia.Having experience of IT Audit is Mandatory.Candidate with 15+ years of experience. Only relevant candidates will be replied to.Show more

Last updated: 8 days ago • Promoted

Regional Cybersecurity Director

Talent et au-dela • Pune, Republic Of India, IN

Last updated: 6 days ago • Promoted

Technology and Innovation Director

Pathways World School • New Delhi, Republic Of India, IN

Last updated: 20 days ago • Promoted

Senior Manager - Information Security (Governance, Risk and Compliance)

Navi • India

At Navi, the InfoSec team safeguards our digital ecosystem - ensuring the confidentiality, integrity, and availability of critical systems and data. We lead the charge on cyber risk management, regu...Show more

Last updated: 2 days ago • Promoted

Director of Information Security

The Indian Hotels Company Limited (IHCL) • Republic Of India, IN

IHCL and its subsidiaries bring together a group of brands and businesses that offer a fusion of warm hospitality and world-class service. World’s Strongest Hotel Brand’ and ‘India’s Strongest Brand...Show more

Last updated: 9 days ago • Promoted

Compliance Risk Management Director

Capital One • Republic Of India, IN

Last updated: 12 days ago • Promoted