Director – Cybersecurity (Security Posture & Resilience)

• *Director – Cybersecurity (Security Posture & Resilience)** • *Location : Bangalore /Chennai** • *About Mastech Digital**

Mastech Digital is a leading digital transformation and talent services company, delivering technology and AI-powered solutions to enterprise clients across North America and globally. As part of our Autonomous Enterprise vision, we are building a next-generation security capability that enables bold digital transformation while protecting our clients, people, and platforms. • *Required Qualifications** • *Experience** • 15–20 years of progressive cybersecurity experience, with at least 4–5 years in a senior leadership or program ownership role. • Demonstrated ownership of enterprise security posture programs — not just advisory roles. • Hands-on experience with cloud security on GCP and/or Azure in a complex, multi-tenant or digital services environment. • Track record of delivering SOC 2 and ISO 27001 certifications, including managing external audit cycles. • Experience working directly with senior technology and transformation leaders, C-suite, and board-level stakeholders. • *Technical Depth** • Strong command of cloud security controls: CSPM, CIEM, CWPP, SIEM, Zero Trust, and network security architecture. • Proficiency in application security frameworks: OWASP, SAST/DAST, API security, and secure SDLC practices. • Familiarity with AI/LLM security risks, agentic AI attack surfaces, and emerging AI governance frameworks (NIST AI RMF, ISO 42001). • Understanding of identity security: Entra ID / AAD, RBAC, PAM, and MFA policies. • Working knowledge of threat intelligence platforms, vulnerability management tools, and attack surface management solutions. • *Frameworks & Certifications** • Deep familiarity with NIST CSF, CIS Controls, ISO 27001, SOC 2, and cloud security benchmarks (CIS, CSA CCM). • Preferred certifications: CISSP, CISM, CCSP, GIAC (GCIA, GCIH), or equivalent. Cloud security certifications (GCP/Azure) are a strong plus. • Exposure to PCI-DSS or HIPAA compliance in technology/services environments is advantageous.