Talent.com
Director of Information Risk and Compliance

Chargebee • Chennai, Republic Of India, IN
2 days ago
Job description

Role Purpose

The Director / Head of Information Security will lead Chargebee’s Corporate Information Security function, working in close partnership with the Enterprise Cyber Security (ECS) team, which manages product and infrastructure security, and the Corporate IT team, which manages employee systems, devices, and operations.

This role focuses on strengthening enterprise-wide governance, compliance, and risk management by designing new security capabilities while leveraging existing technical and operational controls across the broader ecosystem.

The leader will own the ISMS (ISO 27001 Program), Incident Management, Data Protection, Endpoint Security, and other GRC (Governance, Risk & Compliance) programs that protect our people, systems, and customers.

The ideal candidate will enable Chargebee to stay audit-ready, resilient, and trusted by customers as we continue to scale globally.

Key Responsibilities

1. Information Security Strategy & Governance

  • Lead the design and execution of Chargebee’s enterprise security strategy aligned with business goals.
  • Own and continuously improve the Information Security Management System (ISMS) under ISO 27001, SOC 2, PCI DSS, and GDPR.
  • Establish and maintain the security governance framework, policies, and standards across business units.
  • Drive adoption of a unified security maturity model and track progress across all security domains.
  • Report quarterly to senior leadership on posture, risks, incidents, and roadmap progress.

2. Program Ownership Across Core AORs

Own and mature the following functions and teams:

  • ISMS & ISO 27001 Program – Governance, internal audits, controls, SoA, and certification management.
  • Corporate Incident Management (CIM) – Centralized IR process, playbooks, RCA / CAPA, and coordination of each incident across the Product Security, Global Technology Infrastructure, and internal operations teams.
  • Data Leakage Prevention (DLP) – Policy, enforcement, and insider data risk management of corporate systems and corporate technology (Collaboration and knowledge management systems).
  • AI Information Security Governance – AI risk reviews, usage policy, vendor evaluation, and compliance oversight of corporate information systems and Corporate Technology.
  • Security Awareness Program – Continuous education, phishing simulation, and behavioral improvement of corporate information systems and Corporate Technology.
  • Corporate IT Risk Management – Risk register, reviews, and treatment lifecycle of corporate information systems and Corporate Technology.
  • Business Continuity Program (BCP) & Data Recovery (DR) (Corporate) – Continuity governance, simulation testing, recovery validation of corporate information systems and Corporate Technology.
  • Policy Governance – Centralized authoring, review, communication, and adoption tracking of corporate information systems and Corporate Technology.
  • Access Governance (RBAC) – Access policy, JML automation, and certification reviews of all systems, product operations and corporate systems and technology.
  • Endpoint Security (Systems & Hardware) – Device hardening, monitoring, and compliance visibility of corporate information systems and Corporate Technology.
  • GTM Trust Enablement (RFP / RFI) – Customer trust documentation, security questionnaires, SLAs in response to processes and governance related questions referring to Chargebee’s corporate information systems and Corporate Technology.

3. Operational Execution & Oversight

  • Establish a centralized incident classification and escalation model for all business functions.
  • Drive RCA & CAPA closure across incidents and audits; ensure risks are documented and tracked.
  • Maintain audit and evidence readiness for customer and external certifications.
  • Oversee DLP and endpoint monitoring, ensuring response workflows are automated and integrated.
  • Partner with ECS and IT to embed security by design into products, infrastructure, and employee systems.
  • Assist in responding to customer RFPs to clarify and confirm Chargebee’s information security and corporate systems compliance.

4. Risk, Compliance, and Reporting

  • Maintain the enterprise security risk register; ensure high / critical risks have defined treatment and ownership.
  • Manage ISO internal audits, surveillance reviews, and customer due diligence requests.
  • Develop and publish quarterly security KPIs and KRIs, including metrics on incidents, risk aging, compliance, and awareness.
  • Lead regular security governance reviews with senior leadership, providing updates on posture, risks, and strategic initiatives.

5. People Leadership & Culture

  • Build and lead a high-performing infosec team across GRC, Risk, DLP, IR, and Awareness.
  • Partner cross-functionally with IT, ECS, Legal, HR, Comms, Risk & Compliance, and GTM enablement functions.
  • Promote a culture where security is everyone’s responsibility through communication, enablement, and collaboration.
  • Mentor, coach, and grow internal talent to scale the security program sustainably.