Interested candidates can share their resume on 8689873784, with CCTC, ECTC, NP details and location.
Location: Lower Parel, Mumbai
Department: Information Security
Reports To: GRC Manager
Job Summary:
We are seeking an Information Security Governance Specialist with 3 years of experience in ISO 27001:2022, regulatory security guidelines, and data privacy laws. The ideal candidate will be responsible for maintaining security governance frameworks, ensuring compliance with Indian banking and insurance regulations, and supporting Third-Party Risk Management (TPRM) initiatives. Additionally, knowledge of the Digital Personal Data Protection Act (DPDPA), 2023 and global data privacy frameworks is required. The role involves close collaboration with cross-functional teams to strengthen the organization’s security posture and regulatory compliance efforts.
Key Responsibilities:
Governance, Risk & Compliance:
- Develop, implement, and maintain information security policies, standards, and procedures in compliance with ISO 27001:2022 and industry best practices.
- Manage Information Security Management System (ISMS) compliance, including conducting risk assessments, audits, and continuous improvements.
- Ensure compliance with Indian banking and insurance regulations, such as RBI Cyber Security Framework, IRDAI Information and Cyber Security Guidelines, and SEBI Cyber Security and Resilience Framework.
- Support Third-Party Risk Management (TPRM) activities by conducting vendor risk assessments, evaluating third-party security controls, and ensuring compliance with contractual security requirements.
- Monitor and enforce data privacy policies in alignment with the Digital Personal Data Protection Act (DPDPA), 2023 and international data protection laws (e.g., GDPR).
- Collaborate with legal, risk, and compliance teams to address data privacy, security governance, and regulatory requirements.
- Conduct internal security audits and assist in external audits to ensure compliance with security controls and regulatory mandates.
- Develop and conduct awareness training programs on data protection, information security, regulatory compliance, and third-party risk management.
- Track and report on security governance, compliance status, audit findings, and risk mitigation plans.
- Stay updated with emerging security threats, regulatory changes, and best practices in cybersecurity, data privacy, and third-party risk management.
- Maintain regulatory compliance dashboards and provide periodic reports to management.
Security Awareness & Training:
- Conduct organization-wide Information Security Awareness Training, including onboarding sessions.
- Plan and execute phishing, vishing, and smishing simulations to enhance cyber threat awareness.
- Develop and execute awareness campaigns focusing on regulatory compliance and data protection.
- Provide guidance to employees on incident reporting, risk mitigation, and compliance best practices.
Qualifications & Experience:
- Bachelor’s/Master’s degree in Information Security, Risk Management, or a related field.
- 3+ years of experience in Information Security, Governance, Risk, and Compliance (GRC).
- Experience with Indian regulatory frameworks, including the RBI Cyber Security Framework and the IRDAI Information and Cyber Security Guidelines.
- Experience in Third-Party Risk Management (TPRM), including vendor risk assessments and third-party security control evaluations.
- Familiarity with risk assessment methodologies, security audits, and regulatory reporting.
- Experience in third-party risk assessments, policy enforcement, and security awareness programs.
- Hands-on experience with ISMS tools and governance frameworks.
- Strong analytical, communication, and stakeholder management skills.
Certifications (Mandatory & Preferred):
✅ Mandatory:
- ISO 27001 Lead Auditor or Certified Ethical Hacker (CEH)
✅ Preferred:
- CISA, CISM, CRISC, CISSP or other relevant GRC certifications
Pay: ₹600,000.00 - ₹800,000.00 per year
Application Question(s):
- What is your Current CTC?
- What is your Expected CTC?
- What is your Notice Period?
- Where do you reside?
Work Location: In person