We are seeking an experienced Governance, Risk & Compliance (GRC) Lead to spearhead the
design, implementation, and maintenance of our ISO 27001 Information Security Management
System (ISMS). This is a hands-on leadership role responsible for establishing a robust security
governance framework, achieving ISO 27001 certification, and embedding a culture of
continuous security improvement across the organization.
Key Responsibilities
● ISMS Implementation & Certification: Lead end-to-end ISO 27001 implementation
from gap analysis through to successful Stage 1 and Stage 2 certification audits;
manage external auditor relationships
● Risk Management: Develop and operationalize the information security risk
management framework; conduct risk assessments, treatment planning, and risk
acceptance processes.
● Policy & Governance : Author, approve, and maintain the Statement of Applicability
(SoA), information security policies, standards, and procedures aligned with ISO 27001
Annex A controls.
● Control Implementation: Translate ISO 27001 Annex A controls into operational
security measures; coordinate with IT, Accounts, HR, Backoffice, and business units to
implement and validate controls.
● Compliance Monitoring: Establish continuous monitoring, internal audit programs, and
KPIs/KRIs to measure ISMS effectiveness; manage non-conformities and corrective
actions.
● Third-Party Risk: Oversee vendor security assessments and ensure supply chain
security controls meet organizational and ISO 27001 standards.
● Stakeholder Management: Report ISMS performance, risks, and compliance status to
senior leadership and the board; act as primary liaison for external auditors and
regulators.
Required Qualifications
● 5+ years of experience in information security governance, risk, and compliance
● Proven track record of leading at least one full ISO 27001:2022 certification cycle (gap
analysis → certification)
● Deep expertise in ISO 27001:2022 standard, Annex A controls, and ISMS
documentation requirements
● Strong understanding of risk assessment methodologies (e.g., ISO 27005, NIST RMF,
OCTAVE, FAIR)
● Familiarity with internal audit practices and managing external certification bodies
● Excellent stakeholder management and ability to influence across technical and non-
technical teams
● Strong documentation and communication skills — able to translate complex standards into actionable guidance
Preferred Qualifications
● Experience implementing ISMS in fintech, healthcare, or regulated industries
● Experience with SOC 2, GDPR, NIST CSF, PCI-DSS, or other compliance frameworks
● Background in cloud security (AWS, Azure, GCP) and DevSecOps environments
● Knowledge of automation for compliance evidence collection and control testing
● Certifications: CISM, CRISC, CISA, ISO 27001 Lead Auditor, or ISO 27001 Lead
Implementer
Why Join Us
● Opportunity to build the security governance function from the ground up
● High-visibility role with direct impact on customer trust and market differentiation
● Collaborative environment that values security as a business enabler, not a blocker
Company Profile:
We are a one-stop financial services shop, widely known for quality of its advice, personalizedservice and cutting-edge technology. We started our journey in 2008. Currently we are serving more than 50,000 investors with a team of 100 members. Our core product offering is mutual fund, FD, Govt. Bonds, Debenture, etc.
Contact:
Email : [email protected]
Mobile : 8655867034
Pay: ₹1,000,000.00 - ₹1,500,000.00 per year
Work Location: In person