Information Security Officer

Hello Aspirant,We are excited to announce new career opportunities within our organization. If you are looking to grow your career and work on innovative projects, we invite you to explore the roles listed below and apply. Exp.: 8 to 12 yrsJob Location: MumbaiRole: Information Security OfficerNotice Period: Max 30 DaysJob Role:Information Security Governance & Risk Management • Lead enterprise and project-level Information Security Risk Assessments, including identification, analysis, treatment, and reporting of security risks. • Support project governance by embedding security risk management practices across technology and business initiatives. • Identify, assess, and track project-related security risks, ensuring timely mitigation and risk acceptance where applicable.Vendor Risk Management • Own and operate the Vendor Risk Management (VRM) framework, including due diligence, onboarding assessments, periodic reviews, and exit assessments from Information Security perspective. • Perform security risk assessments of third-party vendors covering data protection, access controls, resilience, and regulatory compliance. • Collaborate with Procurement, Legal, and Business teams to ensure security requirements are embedded into vendor contracts and SLAs. ISO 27001 Implementation & Management • Lead the ISO/IEC 27001 Information Security Management System (ISMS) implementation, operation, and continual improvement. • Maintain ISMS documentation including policies, standards, procedures, risk registers, and control evidence. • Coordinate internal audits, Management Reviews, corrective actions, and surveillance/certification audits. Cyber Resilience • Support and enhance Cyber Resilience programs including incident response, disaster recovery, and business continuity from an information security perspective. • Participate in cyber incident simulations, tabletop exercises, and post-incident reviews to improve organizational readiness.Logical Access Management (LAM) & Data Protection • Review and validate role definitions and access controls defined by the Logical Access Management (LAM) team to ensure least privilege and segregation of duties. • Oversee Data Leakage Management controls including monitoring, policy enforcement, and incident handling relating to data loss or exposure. Security Awareness & Training • Design and drive Information Security Awareness and Training programs for employees, contractors, and relevant third parties. • Promote a strong security culture through campaigns, phishing simulations, and targeted training initiatives. Audit & Compliance Management • Act as the primary point of contact for internal and external audits related to information security. • Coordinate audit responses, track observations, and ensure timely closure of audit findings. • Support regulatory, customer, and contractual security compliance assessments.

Apply Now