Information Security Governance Leader
Guardian Life
India, Tamil Nadu, Chennai
Full-Time
On-site
Posted 8 hours ago
Apply by June 3, 2026
Job Description
Role Summary
The Information Security Governance (ISG) Leader is a senior leadership role that shares ownership with US stakeholders for establishing, maintaining, and maturing the enterprise-wide information security governance framework. This individual will serve as a key advisor to the BISO and senior leadership, ensuring the organization's security posture is aligned with regulatory obligations, industry standards, and business objectives. The role spans three core pillars: risk and compliance, policy and standards, and audit and assurance.
Key Responsibilities
Information Security Governance & Policy Management
- Own and maintain the cybersecurity policy framework, ensuring policies are current, effective, and enforceable.
- Lead annual policy reviews and updates to reflect regulatory, business, and threat‑landscape changes.
- Ensure policies and standards align with applicable laws and regulations (e.g., NYDFS) and industry frameworks (e.g., NIST).
- Provide governance guidance on policy interpretation and applicability across business initiatives.
- Provide governance oversight for security risks introduced through new initiatives, platforms, or architectural changes.
- Review architecture diagrams and security design / threat assessments to validate security‑by‑design principles.
- Identify and document risks where control gaps exist and ensure appropriate mitigation plans are defined and tracked.
- Support Third‑Party Risk Management (TPRM) by evaluating security integration and control effectiveness.
- Act as a security governance advisor for technology governance and innovation governance processes.
- Review and assess submissions through the Tech Governance process, including pre‑innovation, contracts, and design decisions.
- Partner with architecture, legal, and risk teams to ensure security requirements are embedded early in the lifecycle.
- Serve as a primary point of contact for customer and client security engagements, including:
  - SOC 2 and assurance responses
  - Security questionnaires and RFP responses
- Support regulatory exams and internal/external audits by providing governance artifacts, evidence, and control narratives.
- Ensure consistent, defensible security governance responses across customers and regulators.
- Define, collect, and report security governance metrics across the organization.
- Lead the automation of security metrics to improve accuracy and scalability.
- Prepare and present metrics and insights into Security Working Groups and Risk Committees.
- Track and report on key indicators such as phishing campaign results and security awareness effectiveness.
- Own and oversee mandatory awareness training programs.
- Lead and expand the security awareness ecosystem, including:
  - Security Champions program
  - Cybersecurity Awareness Month initiatives
- Design, deploy, and analyze phishing simulation campaigns to strengthen workforce resilience.
- Foster a culture of shared accountability for information security across the enterprise.
- Experience: 10+ years of experience in information security or Governance, Risk and Compliance (GRC) roles.
- Certifications: CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), or CISA (Certified Information Systems Auditor) are highly preferred.
- Framework Knowledge: Deep understanding of ISO 27001, NIST, and SOC 2.
- Soft Skills: Strong leadership, communication, and ability to influence stakeholders without direct authority.
This position can be based in any of the following locations:
Chennai
Current Guardian Colleagues: Please apply through the internal Jobs Hub in Workday
Required Skills
Communication
Risk Management
Reporting
Leadership
Automation
Compliance
Simulation
Security Awareness
Training
Audit
Interpretation
Policy Interpretation
Cybersecurity
Information Security
Governance
Risk
NIST
Policy Management
CISA
Security design
Embedded
Phishing
GRC
SOC
Regulations
Design Principles
ISO 27001
Customer Assurance
Contracts
Security assurance
Framework
Risk and compliance
Information Systems Security
Legal
Information Systems
ISO
Threat
RFP
Security governance
Workday