Job Description

What You Will Do
Establish and manage the information security governance framework aligned with organizational goals.
Develop, review, and maintain security policies, procedures, and standards.
Conduct risk assessments, gap analysis, and compliance audits (ISO 27001, NIST, SOC 2, GDPR, etc.).
Define and monitor key risk indicators (KRIs) and key performance indicators (KPIs) for security governance.
Work closely with IT, compliance, and business units to ensure security alignment across departments.
Support internal and external audits, ensuring evidence and documentation readiness.
Lead initiatives related to data protection, access management, and third-party risk governance.
Provide management reports and dashboards on risk posture, compliance status, and governance maturity.
Drive security awareness and training programs across the organization.
Advise leadership on strategic security improvements and regulatory compliance obligations

What You Need to Bring
Bachelor's degree in Information Security, Computer Science, or a related field.
10+ years of experience in information security governance, risk, and compliance (GRC).
Strong knowledge of security frameworks such as ISO 27001, NIST, COBIT, and CIS Controls.
Hands-on experience with risk management methodologies and governance tools (e.g., Archer, ServiceNow GRC, OneTrust).
Familiarity with data privacy regulations (GDPR, HIPAA, or local data protection acts).
Excellent understanding of IT audit processes, policy management, and control mapping.
Strong communication and stakeholder management skills.
Certifications preferred: CISM, ISO 27001 Lead Implementer/Auditor, CISSP, or CRISC.

Job Type: Full-time

Pay: ₹1,800,000.00 - ₹2,200,000.00 per year

Work Location: In person