Bestkaam Logo
Back to Jobs
phonon, automating outcomes

Chief Information Security Officer

Actively Reviewing

phonon, automating outcomes

Vadodara Part-Time 15–25 yrs exp Posted 6 hours ago  · Apply by Sep 14, 2026
Hiring: Fractional Information Security & Compliance Advisor (vCISO)


Location: Vadodara (Preferred) / Remote with monthly visits to Vadodara

Engagement: Part-time (1 day per week) / Consultant


At 22North by Phonon, we are building enterprise software for airlines and BFSI customers worldwide. As we continue to scale, we are strengthening our Information Security, Privacy and Compliance framework.


We are looking for an experienced Information Security professional who can help us build systems—not just documentation.


This is a hands-on advisory role where your objective will be to mentor our engineering and infrastructure teams while building a security governance framework that becomes part of our operating culture.


What you will do
  • Build and mature our Information Security Management System (ISMS)
  • Lead our journey towards ISO 27001 certification
  • Drive SOC 2 Type II readiness
  • Guide compliance with GDPR and India's Digital Personal Data Protection (DPDP) Act
  • Build practical security processes including:
  • Risk Management
  • Asset Management
  • Access Control
  • Incident Response
  • Vendor Risk Management
  • Business Continuity & Disaster Recovery
  • Security Awareness
  • Vulnerability Management
  • Review security architecture and operational controls with our engineering teams
  • Conduct periodic internal audits and management reviews
  • Build evidence repositories required for external audits
  • Train and mentor our Infrastructure, IT and Security Operations teams so they can independently manage these systems over time


We are looking for someone who has
  • CISSP and/or CISA certification (preferred)
  • ISO 27001 Lead Implementer or Lead Auditor certification
  • Experience implementing ISO 27001 in a software or SaaS organisation
  • Experience preparing organisations for SOC 2 Type II audits
  • Strong understanding of GDPR and India's DPDP Act
  • Experience building Information Security processes from the ground up
  • Ability to work closely with engineering and infrastructure teams


Bonus if you have
  • AWS Security experience
  • Experience with airline, travel or BFSI technology
  • Knowledge of ISO 27701 or privacy management systems
  • Experience with SOC, SIEM or cloud security


What success looks like

Success is not measured by producing documentation.

Success is when our engineering and infrastructure teams are capable of independently operating a mature Information Security and Compliance program, with ISO 27001 and SOC 2 Type II becoming natural outcomes of well-designed systems.


Engagement
  • Approximately one day per week
  • Long-term advisory engagement
  • Flexible working arrangement
  • Opportunity to help shape the security and governance foundation of a rapidly growing global SaaS company.


If this excites you, or you know someone who would be a great fit, we'd love to hear from you.