About the Role
As Director – Cybersecurity at MakeMyTrip, India's leading digital travel company, you will lead and execute the cybersecurity strategy to protect our large-scale, cloud-native environment. Your role will span securing our network, infrastructure, applications, data, endpoints, and emerging technologies like Gen AI, balancing robust security with rapid business innovation. You will guide a multidisciplinary team, integrate security practices deeply across engineering and product teams, ensure compliance, and champion a security-first culture—ultimately safeguarding the trust of millions of travelers relying on MakeMyTrip for their journeys.
Key Responsibilities
- Lead a comprehensive cybersecurity strategy applying defense-in-depth across all layers—perimeter, network, cloud, application, data, endpoint, and people. Drive security for cloud-native, API-driven, distributed, and multi-cloud environments, balancing speed, scalability, and risk.
- Secure network, infrastructure, and cloud by enforcing segmentation, firewalls, least privilege access (e.g., JEA), and cloud-native controls like VPCs, security groups, and CIEM. Protect hybrid environments across on-prem, multi-cloud (AWS, Azure, GCP), and partner networks using CNAPP-like tools.
- Harden perimeter defenses with advanced controls like WAF, bot protection, geo-blocking, rate limiting, anomaly detection, adaptive access rules, and certificate management including mTLS—ensuring scalable, high-performance protection.
- Integrate application security across the SDLC through SAST, DAST, VAPT, IaC scanning, and CI/CD pipeline controls. Incorporate API security, threat modeling, and SBOM checks, while enabling developers via secure-by-default guardrails and actionable feedback loops.
- Protect sensitive data through identification, classification, and use of encryption, tokenization, masking, and anonymization. Monitor data flows, detect exposure risks, and enforce policy and compliance across all environments.
- Secure Gen AI initiatives by enforcing strong input/output validation, strict access controls, and content safety policies to mitigate risks like data leakage, prompt injection, and unauthorized usage.
- Protect enterprise endpoints through comprehensive device hardening, timely OS patching, and DLP enforcement across all data channels. Operate within a mature Zero Trust framework leveraging ZTNA and SASE principles, integrating endpoint telemetry to enable fast detection and response.
- Drive continuous security validation with red teaming, purple teaming, and Breach and Attack Simulations. Use realistic attack scenarios to uncover control gaps, enhance detection capabilities, and ensure effective remediation through cross-team collaboration.
- Foster a security-aware culture through employee training, phishing simulations, awareness campaigns, and behavioral risk management, empowering staff as security champions.
- Ensure compliance by aligning with regulations like GDPR, PCI DSS, and ISO 27001, managing audits, risk assessments, and enforcing security policies.
- Lead team development, maintain clear documentation, and drive innovation to continuously improve cybersecurity capabilities.
Ideal Candidate Profile
- Seasoned cybersecurity leader with 14+ years of experience and 3–5 years in senior leadership roles driving enterprise-wide security programs.
- Proven ability to architect and execute comprehensive security strategies across cloud-native, hybrid, and on-prem environments.
- Hands-on expertise with advanced perimeter defenses, network segmentation, cloud posture management, application security automation, and modern security tooling.
- Strong knowledge of data protection techniques including encryption, tokenization, anonymization, and emerging AI security challenges.
- Skilled at building, mentoring, and leading diverse, high-performing teams that foster a security-first mindset across the organization.
- Effective communicator who can translate complex technical risks into clear business priorities for executives and stakeholders.
- Experienced in navigating regulatory compliance frameworks such as GDPR, PCI DSS, SOC 2, DPDPA, ISO 27701/ISO 27001, and leading audits and risk assessments.
- Passionate about continuous learning, leveraging emerging technologies, and driving security culture and awareness.
- Preferred certifications: CISSP, CISM and relevant cloud security certifications (AWS, Azure, GCP).