Lead - ISMS (Information Security Management System)

Reporting Structure

Reports to Manage – ISMS

Location – Mumbai

Education

·       University degree in the field of computer science, Electronics & Telecommunication (ExTC) or IT.

Experience/ Qualifications

·       6 – 8 years of work experience in Governance and Audit management.

·       Strong knowledge of Governance requirements and relevant standards

·       At least Basic technical knowledge. Familiarity with ITGC control requirements will be beneficial.

·       Core experience in ISMS implementation, Internal audits and remediation, Incident management, exception management activities.

·       Should have worked on Risk assessment, risk management. Should be well-versed with different risk management methodology

·       Should have handled internal as well as external audit

·       Excellent communication & stakeholder management, present to senior leadership and align cross-team efforts.

·       Working on any governance tool can be and added advantage

Industry

·       Information Security / Cyber Security / Governance

Responsibilities

·       Developing and Implementing ISMS Policies and Procedures within the organization

·       Analysing organizational security needs, creating comprehensive policies, and ensuring compliance with standards like ISO/IEC 27001. 

·       Conducting Risk Assessments - Identifying and evaluating potential threats and vulnerabilities to information assets, implementing mitigation strategies, and conducting periodic risk assessments. 

·       Ensure Legal and Regulatory Compliance by staying informed about relevant laws and regulations and ensuring the ISMS aligns with these requirements. 

·       Incident Management: Establishing and enforcing procedures for handling security incidents, ensuring timely and effective responses, and conducting post-incident reviews. Maintain the incident reports and details of the incidents in the tracker

·       Training and Awareness: Developing and delivering Information security awareness training programs to educate employees about information security policies and procedures. 

·       Working with various departments (IT, ADMIN, HR, etc.) to integrate security practices and ensure a coordinated approach to information security. 

·       Monitoring ISMS performance metrics, identifying areas for improvement, and implementing necessary changes. 

·       Maintaining documentation for all the activities

Industry Certifications

·       LI/ LA ISO 27001:2022

·       CISA/ CISM