Information Security and compliance Lead

Role Summary - 5-7 years of experienced Information Security & Compliance Lead responsible for managing and strengthening the organizations Information Security Management System (ISMS) and Quality Management System (QMS). The role involves overseeing ISO 27001, ISO 9001, SOC 2 compliance, conducting internal audits, managing risk assessments, and ensuring regulatory and client security requirements are effectively implemented. Candidate should have hands-on experience in audit management, documentation, risk assessment, policy implementation, and certification lifecycle management.

Key Responsibilities

Compliance & Certification Management -

Lead and maintain ISO 27001 ISMS and ISO 9001 QMS frameworks.

Support SOC 2 Type I & Type II compliance initiatives.

Manage external audits (certification, surveillance, recertification).

Coordinate with certification bodies, auditors, and consultants.

Track and close audit observations and CAPAs.

Respond to information security RFIs, due diligence questionnaires, and third-party risk assessments.

Coordinate with IT, HR, Legal, and Operations teams to gather required evidence.

Maintain repository of standard security responses and supporting documents

Ensure timely submission of security documentation to clients and partners.

Internal Audit & Risk Management -

Plan and conduct internal audits for ISO 27001, ISO 9001, and SOC 2.

Perform risk assessments and maintain risk register.

Conduct vendor security assessments.

Ensure timely remediation of nonconformities.

Monitor control effectiveness and compliance posture.

Policy & Documentation Management -

Draft, review, and update security policies, SOPs, and procedures.

Maintain compliance documentation repository.

Ensure document control and version management.

Map controls with applicable standards and client requirements.

Qualifications

Bachelors degree in Information Security, Computer Science, IT

57 years of experience

ISO 27001 Lead Auditor / Internal Auditor certification (mandatory).

ISO 9001 Internal Auditor certification (preferred) Soft Skills

Strong analytical and problem-solving skills

Excellent communication and documentation skills

Detail-oriented with strong follow-up skill

Good presentation skills for management reviews.

Work Conditions

Require to working in EST timing with Hybrid mode