Lead the implementation, maintenance, and continual improvement of the Information Security Management System (ISMS) in line with ISO/IEC 27001 standards.
Conduct ISMS gap assessments and enterprise-wide cyber risk assessments, and track implementation of security controls.
Plan, manage, and support internal and external audits, including ISO 27001 Stage 1 and Stage 2 audits.
Maintain and govern ISMS documentation, including policies, standards, procedures, risk registers, and the Statement of Applicability (SoA).
Drive Information Security policy and process governance by drafting, reviewing, and updating policies, standards, and SOPs.
Lead internal technology audits across IT infrastructure, cloud environments, SOC, IAM, PAM, vulnerability management, and other cyber domains.
Identify control gaps, assess risk impact, track remediation actions, and validate the effectiveness of corrective measures.
Oversee the complete cyber risk management lifecycle, including risk identification, analysis, treatment planning, and monitoring.
Manage third-party and vendor security risk assessments and due diligence activities.
Ensure compliance with applicable regulatory and statutory requirements such as ISO/IEC 27001, CERT-In, CEA, BCAS, DPDP Act, and other relevant regulations.
Develop governance metrics, KPIs, and KRIs, and provide periodic risk and compliance reporting to senior management and audit committees.
Monitor changes in regulatory and compliance requirements and collaborate with cross-functional teams to address gaps and audit observations.
Qualifications
ISO/IEC 27001 Lead Implementer and/or Lead Auditor.
CISA, CISM, CRISC, or equivalent GRC-related certifications.
Strong documentation, policy drafting, and process definition skills.
Analytical and risk-based decision-making capabilities.
Audit planning, execution, and stakeholder management.
Ability to present risk and compliance insights to senior leadership.
Excellent communication and cross-functional collaboration skills.
