
Information Security Analyst – ISMS Implementor (Immediate Joiner - Thane Hybrid)

Gleren

0 - 3 years

Thane

Posted: 13/05/2026


Job Description

Summary


We are seeking a highly motivated and detail-oriented Information Security Analyst to strengthen and enhance our clients' information security posture. The ideal candidate should have hands-on experience implementing and managing ISO 27001 and SOC 2 compliance frameworks from the ground up, including policy development, risk assessments, audit coordination, and control implementation.

This role requires close collaboration with cross-functional teams to ensure compliance with security standards, support ongoing governance initiatives, manage security operations activities, and respond to client security assessments, RFPs, and due diligence requests. The candidate should possess strong analytical skills, a proactive approach to risk management, and the ability to drive security and compliance initiatives independently in a fast-paced environment.


Key Accountabilities


Operational

  • Manage IT Security Operations and Security Administration activities
  • Support Information Security Governance and compliance initiatives
  • Develop, implement, and maintain the Information Security Management System (ISMS)
  • Execute IT and Information Security remediation plans
  • Implement and enforce Information Security policies, procedures, standards, and baselines
  • Support secure Software Development Life Cycle (SDLC) practices
  • Manage IT Security Incident response and coordination activities
  • Ensure compliance with ISO/IEC 27001:2022, SOC 2, GDPR, and other applicable standards
  • Drive ISO 27001 and SOC 2 certification and audit readiness activities
  • Manage IT Application Security and Security Operations processes
  • Align IT service delivery processes with security and incident management requirements
  • Maintain security documentation including policies, standards, procedures, and evidence repositories
  • Support End User and Desktop Security initiatives
  • Respond to client and prospect security questionnaires, RFPs, RFIs, and due diligence requests with accurate and compliant information
  • Collaborate with internal stakeholders including IT, Legal, Compliance, Product, Engineering, and Sales teams to support security and compliance requirements


Developmental

  • Stay updated on emerging cybersecurity threats, technologies, and compliance requirements
  • Contribute to IT security strategy planning and implementation initiatives
  • Continuously enhance and maintain the organization-wide ISMS methodology aligned with industry best practices


Key Responsibilities

  • Develop, implement, maintain, and continuously improve the ISMS framework based on ISO 27001:2022 requirements
  • Conduct security audits, gap assessments, and compliance reviews to identify vulnerabilities and control gaps
  • Perform risk assessments and maintain risk registers and risk treatment plans
  • Review and assess security controls against frameworks such as ISO 27001, SOC 2, and GDPR
  • Prepare audit reports, risk assessments, compliance dashboards, and management presentations
  • Coordinate with internal teams to implement corrective and preventive actions for identified findings
  • Track remediation activities and ensure timely closure of audit observations and security risks
  • Support internal and external audits, certification activities, and evidence collection processes
  • Conduct security awareness and compliance training sessions across the organization
  • Work closely with Engineering, Product, Legal, Customer Success, and Operations teams to integrate security best practices into business and development processes
  • Own and manage responses to client security assessments, questionnaires, RFPs, RFIs, and third-party audits
  • Maintain repositories of security policies, certifications, standard responses, and audit evidence artifacts
  • Support Sales and Pre-sales teams by addressing customer security and compliance requirements
  • Assist in business continuity, disaster recovery, and incident response planning activities


Qualifications

  • Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field
  • 4-6 years of hands-on experience in Information Security, Compliance, or ISMS implementation, preferably within SaaS or technology environments
  • Proven experience implementing and managing ISO 27001 and SOC 2 compliance programs
  • Strong understanding of information security frameworks, governance models, and regulatory requirements
  • Experience conducting risk assessments, internal audits, and remediation tracking
  • Excellent analytical, documentation, communication, and stakeholder management skills
  • Relevant certifications such as CISA, CISSP, CISM, ISO 27001 Lead Implementer, or Lead Auditor are preferred


Must-have Skills

  • Hands-on experience with Internal Audits and Risk Assessments
  • Experience with compliance automation and GRC tools such as DRATA or VANTA
  • Strong understanding of Business Continuity and Disaster Recovery processes
  • Experience reviewing and maintaining Information Security policies and procedures
  • Experience handling client security assessments, vendor risk questionnaires, and RFP responses
  • Ability to independently drive security and compliance initiatives in a fast-paced environment
  • Strong attention to detail with a proactive and solution-oriented approach to risk management





