Policy & Procedure Management
- Create, review, and periodically update IT and Information Security policies, procedures, and standards.
- Coordinate with stakeholders to ensure timely approval and alignment of policies with regulatory and industry best practices.
- Maintain a centralized repository of all policies, procedures, and governance documents.
Audits, Assessments and Compliances
- Facilitate internal, external, and regulatory audits/assessments, including audit kick-off, data collection, evidence validation, and closure discussions.
- Respond to auditor/assessor queries, ensuring timely and accurate evidence submission.
- Maintain a secure repository of all audit documents and related artifacts.
- Drive closure of open observations/issues within defined timelines.
Risk Management
- Assist in conducting Information Security Risk Assessments in line with organizational, regulatory, and industry requirements.
- Maintain and update the risk register, ensuring timely closure of action items arising from identified risks.
- Conduct third-party/vendor risk assessments, prepare assessment reports, and drive remediation plans with vendors.
Training & Awareness
- Conduct induction sessions on Information Security for new joiners.
- Organize periodic awareness training including targeted training as and when required.
- Develop and deliver ongoing security awareness initiatives across the organization.
Governance & Monitoring
- Prepare and present monthly Information Security review decks and track the status of action items.
- Track closure of identified gaps from periodic access reviews.
- Review and assess Master Service Agreements (MSAs) and vendor contracts for compliance with Information Security requirements.
- Conduct periodic meetings to monitor end-user security posture and follow up on remediation plans.