
Senior Executive - Information Security Management System & Compliance

Godrej Industries Group

5 - 10 years

Mumbai

Posted: 21/02/2026


Job Description

About the Role:

This is a full-time, on-site role for a Senior Executive in Information Security Management System & Compliance located in Mumbai. You will play a pivotal role in strengthening the organization's Information Security governance, ensuring compliance with global standards and internal policies. You will support the implementation and maintenance of ISO 27001, NIST CSF, and other cybersecurity governance frameworks, while ensuring that risks are identified, assessed, and mitigated effectively.


Roles & Responsibilities:

1. Information Security Governance & ISMS Management

Assist in implementing, maintaining, and supporting continual improvements of ISO 27001, NIST CSF, and the organization's ISMS.

Draft, review, and update Information Security policies, procedures, and standards as directed.

Monitor and report on security controls, KPIs, and KRIs to support governance activities.

Execute ISMS tasks including risk assessments, corrective-action tracking, and control effectiveness reviews.

2. Compliance & Regulatory Adherence

Support internal and external audits related to ISO 27001, NIST, and other compliance frameworks.

Coordinate with stakeholders to ensure timely closure of audit findings.

Ensure compliance requirements for data protection and cybersecurity regulations are met across business units.

Maintain compliance documentation, audit trails, and evidence repositories.

3. Risk Assessment & Mitigation

Identify and track information security risks across applications, systems, and business processes.

Work with functional teams to support execution of risk mitigation activities.

Conduct periodic risk assessments, threat evaluations, vendor security reviews, and internal control checks.

Help promote secure practices through structured awareness and communication efforts.

4. Collaboration & Communication

Coordinate with IT, Cybersecurity, HR, Legal, and Business Units to support ongoing GRC initiatives.

Act as an operational liaison for governance and compliance-related communication.

Prepare reports, presentations, and compliance summaries for review by leadership and auditors.

Contribute to organization-wide awareness and communication programs.

5. Training & Awareness

Assist in the design and delivery of Information Security training using designated learning platforms.

Manage cybersecurity awareness campaigns (phishing, hygiene, policy updates, regulatory changes).

Work with HR, Communications, and IT to ensure company-wide participation.

Track training completion rates and document awareness effectiveness.
