Head of Corporate Information SecurityChargebee • Chennai, Republic Of India, IN

Head of Corporate Information Security

Chargebee • Chennai, Republic Of India, IN

19 days ago

Job description

Role Purpose

The Director / Head of Information Security will lead Chargebee’s Corporate Information Security function, working in close partnership with the Enterprise Cyber security (ECS) which manages product and infrastructure security and Corporate IT (which manages employee systems, devices, and operations) teams.

This role focuses on strengthening enterprise-wide governance, compliance, and risk management by designing new security capabilities while leveraging existing technical and operational controls across the broader ecosystem.

The leader will own the ISMS (ISO 27001 Program), Incident Management, Data Protection, Endpoint Security, and other GRC (Governance, Risk & Compliance) programs that protect our people, systems, and customers.

The ideal candidate will enable Chargebee to stay audit-ready, resilient, and trusted by customers as we continue to scale globally.

Key Responsibilities

1. Information Security Strategy & Governance

Lead the design and execution of Chargebee’s enterprise security strategy aligned with business goals
Own and continuously improve the Information Security Management System (ISMS) under ISO 27001, SOC 2, PCI DSS, and GDPR.
Establish and maintain the security governance framework, policies, and standards across business units.
Drive adoption of a unified security maturity model and track progress across all security domains.
Report quarterly to senior leadership on posture, risks, incidents, and roadmap progress.

2. Program Ownership Across Core AORs

Own and mature the following functions and teams :

ISMS & ISO 27001 Program – Governance, internal audits, controls, SoA, and certification management.

Corporate Incident Management (CIM) – Centralized IR process, playbooks, RCA / CAPA, and coordination of each incident, coordinating Product security, Global Technology Infrastructure and internal operations team

Data Leakage Prevention (DLP) – Policy, enforcement, and insider data risk management of corporate systems and corporate technology (Collaboration and knowledge management systems).

AI information Security Governance – AI risk reviews, usage policy, vendor evaluation, and compliance oversight of corporate information systems and Corporate Technology.

Security Awareness Program – Continuous education, phishing simulation, and behavioral improvement of corporate information systems and Corporate Technology.

Corporate IT Risk Management – Risk register, reviews, and treatment lifecycle of corporate information systems and Corporate Technology.

Business Continuity Program (BCP) & Data Recovery (DR) (Corporate) – Continuity governance, simulation testing, recovery validation of corporate information systems and Corporate Technology.

Policy Governance – Centralized authoring, review, communication, and adoption tracking of corporate information systems and Corporate Technology.

Access Governance (RBAC) – Access policy, JML automation, and certification reviews of all systems, product operations and corporate systems and technology.

Endpoint Security (Systems & Hardware) – Device hardening, monitoring, and compliance visibility of corporate information systems and Corporate Technology.

GTM Trust Enablement (RFP / RFI) – Customer trust documentation, security questionnaires, SLAs in response to processes and governance related questions referring to Chargebee’s corporate information systems and Corporate Technology.

3. Operational Execution & Oversight

Establish a centralized incident classification and escalation model for all business functions.

Drive RCA & CAPA closure across incidents and audits;

ensure risks are documented and tracked.

Maintain audit and evidence readiness for customer and external certifications.

Oversee DLP and endpoint monitoring, ensuring response workflows are automated and integrated.

Partner with ECS and IT to embed security by design into products, infrastructure, and employee systems.

Assist in responding to customer RFP’s to clarify and confirm Chargebee’s information security and corporate systems compliance

4. Risk, Compliance, and Reporting

Maintain the enterprise security risk register;

ensure high / critical risks have defined treatment and ownership.

Manage ISO internal audits and, surveillance reviews, and customer due diligence requests.

Develop and publish quarterly security KPIs and KRIs, including metrics on incidents, risk aging, compliance, and awareness.

Lead regular security governance reviews with senior leadership, providing updates on posture, risks, and strategic initiatives

5. People Leadership & Culture

Build and lead a high-performing infosec team across GRC, Risk, DLP, IR, and Awareness.

Partner cross-functionally with IT, ECS, Legal, HR, Comms, Risk & Compliance, and GTM enablement functions..

Promote a culture where security is everyone’s responsibility through communication, enablement, and collaboration.

Mentor, coach, and grow internal talent to scale the security program sustainably.

Create a job alert for this search

Information Security • Chennai, Republic Of India, IN

Related jobs

Information Security Manager - Us

Scrut Automation • Republic Of India, IN

Job Description : Information Security Manager - US.Position : Information Security Manager - US.Shift Timing : 6 : 00 PM - 3 : 00 AM IST. Scrut Automation is an information security and compliance monit...Show more

Last updated: 2 days ago • Promoted

Director Of Corporate Information Security

Chargebee • Chennai, Republic Of India, IN

Last updated: 19 days ago • Promoted

Cyber & Information Security

WEBSKITTERS TECHNOLOGY SOLUTIONS PRIVATE LIMITED • India

We are seeking a strategic, forward-thinking Head of Cyber & Information Security to lead the design, implementation, and governance of enterprise-wide information security frameworks across Webski...Show more

Last updated: 9 days ago • Promoted

Principal Information Security Engineer

Amber • Pune, Republic Of India, IN

Job Description : SDE-III – Information Security (Amber).SDE-III – Information Security.Engineering / Information Security. Amber is a global student accommodation platform helping students find and ...Show more

Last updated: 1 day ago • Promoted

Chief Information Security Officer & Co-founder

Secure Mojo • Republic Of India, IN

At SecureMojo, we are on a mission to redefine personal cyber protection.With cybercrime becoming one of the fastest-growing threats to individuals worldwide, we’re building the Ultimate Cyber Prot...Show more

Last updated: 8 hours ago • Promoted • New!

Director of corporate Information Security

Chargebee • India

Last updated: 9 days ago • Promoted

Information Security Manager

MonetaGo Inc. • IN

Quick Apply

Educational Qualifications : Certifications : Professional certifications such as Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified ...Show more

Last updated: 29 days ago

Director of Product Security

WhiteSlips Job Management Consultants • India, India

Advance and execute a software supply chain security development strategy to include Identify security risk and vulnerabilities across client's supply chain partners as well and track implementatio...Show more

Last updated: 8 days ago • Promoted

Sde-Iii – Information Security

Amber • Pune, Republic Of India, IN

Last updated: 1 day ago • Promoted

Lead Security Engineer

Arcana • India, India

As our Lead Security Engineer, you'll own and elevate Arcana's overall security posture - cloud, on-prem, and everything in between. You'll design and enforce policies, automate controls, and harden...Show more

Last updated: 30+ days ago • Promoted

Information Security Consultant

Soffit Infrastructure Services (P) Ltd • Cochin, Republic Of India, IN

The Information Security Consultant will be responsible for the implementation, assessment, and management of ISO 27001 : 2022, ISO 27002, and SOC 2 standards for clients. This role involves working i...Show more

Last updated: 30+ days ago • Promoted

Chief Information Security Officer

Career Stone Consultant • Republic Of India, IN

The job purpose is to lead and implement comprehensive cybersecurity and information security.Responsible for data privacy protection, infrastructure security, vendor management, and fostering a.Se...Show more

Last updated: 21 days ago • Promoted

Information Security Manager - US

Scrut Automation • India, India

Last updated: 2 days ago • Promoted

Co-Founder (VP / CISO / Head of Cybersecurity)

Secure Mojo • India, India

Last updated: 9 hours ago • Promoted • New!

Co-Founder | Chief Operating Officer - Global AI-Powered Tech Startup

SkillsCapital • India, India

Are you someone who can turn vision into execution, strategy into systems, and momentum into scale? Do you thrive in high-trust, high-ownership environments and want to help build the operating eng...Show more

Last updated: 30+ days ago • Promoted

Senior Manager – IT Risk, Audit & Compliance (ITGC / SOX / ERP Controls)

RGP • India, India

RGP is seeking a highly experienced.Senior IT Risk & Assurance Consultant.SOX 404 / ICOFR Assessments, IT General Controls, ERP Security & Controls, Cybersecurity, Data Privacy, and Risk Advisory s...Show more

Last updated: 9 hours ago • Promoted • New!

Security Operations Engineer

ITPeopleNetwork • India

We are looking for a junior to mid-level.Saviynt Identity Access Management (IAM / IGA).CyberArk Endpoint Privilege Manager (EPM). The ideal candidate will assist in user access governance, email thre...Show more

Last updated: 11 days ago • Promoted

Head of Research

Flexi Roundtables : Top 1% Leaders • India, India

Build a research engine to publish industry papers, GCC insights, leadership frameworks and data-driven reports.Produce whitepapers, leadership insights, talent reports, GCC deep-dives.Build resear...Show more

Last updated: 6 days ago • Promoted