An Information Security Officer (ISO) leads the design, implementation, and maintenance of an organization's Information Security Management System (ISMS) to protect sensitive data, ensure regulatory compliance (e.g., ISO 27001, DPDP), and mitigate cyber risks. This role involves strategic oversight of security policies, audits, risk assessments, and incident response, collaborating across IT, HR, legal, and vendors to safeguard networks, applications, and personnel.
Roles and Responsibilities:
- Implementation of ISO 27001/Data Protection Policies.
- Reviewing legal agreements from a compliance and security point of view.
- Determine security violations and inefficiencies by conducting periodic audits.
- Perform risk assessments and reviews with the project owners.
- Conduct comprehensive risk assessments, VAPT, and configuration reviews for IT infrastructure and critical applications.
- Provide solutions and work with internal and external stakeholders in minimizing risks.
- Implement appropriate security controls to effectively mitigate risks and achieve ISMS and DPDP compliance.
- Support annual security compliance audits.
- Perform security incident management and reporting, including RCA.
- Knowledge of IT security aspects in key areas such as network security and IT general controls.
- Security NCR closure guidance, review and approval for customer engagements as part of internal and external audits.
- Information security awareness sessions for new joiners as part of the induction learning program.
- Management reporting on security metrics and KPIs, and improvements to security policy and procedures.
- Perform vendor risk assessments and due diligence during the onboarding of critical vendors.
- Working closely with the IT infrastructure, administration and Human Resources groups to deploy technical, physical and personnel security interventions.
- Review and monitoring of IT security controls, including vulnerability assessment and penetration testing reports, freeware and open source software clearances, endpoint security compliance, firewall reviews and user access management.
Key Skills:
- Expertise in IT general controls, network security, risk assessments, and tools for VAPT/incident management.
- Requires strong analytical skills, compliance knowledge, and stakeholder communication to balance security with business operations.
- Ideal for professionals with ISO 27001 experience in dynamic environments facing evolving threats.
Job Type: Full-time
Pay: ₹300,000.00 - ₹750,000.00 per year
Work Location: In person