Cuerate - Lead/Manager/Senior Manager - Information Security

Preferred Candidate : Big-4 client facing, large corporates/MNC's corporate IT

Position Summary:

The Information Security Lead will lead the enterprise security compliance agenda, ensuring full alignment with evolving regulatory frameworks such as ISO 27001, DPDP Act, CERT-IN, ITGC, and ISO/IEC 42001 (AI Governance).

This role is crucial in maintaining client trust, operational resilience, audit readiness, and risk posture across all firm systems, platforms, and third-party integrations.

Key Responsibilities:

- Implement ISO 27001 in all offices.

- Lead and maintain ISO 27001 certification, including ISMS policy enforcement, risk treatment plans, SoA, internal audits, and management reviews.

Implement and monitor compliance with:

- DPDP Act (India)

- CERT-IN Guidelines (incident response, remote access, logging, reporting)

- ITGC Controls (as part of statutory and internal audits)

- ISO/IEC 42001 - AI Governance framework and AI risk registers

- Build and maintain a firm-wide risk register for cyber, privacy, and technology controls.

- Define and review Information Security Policies, Data Classification, Encryption Standards, Third-party Risk, etc.

- Partner with Legal, Risk, and IT teams to map risk ownership and corrective action workflows.

- Own and manage all client security assessments, and due diligence questionnaires.

- Maintain a structured repository of pre-approved responses, certificates, and audit summaries.

- Engage with clients' cybersecurity teams and support InfoSec audits or certifications demanded during onboarding or renewals.

- Lead GRC and access controls review across all IT systems and applications.

- Lead cyber insurance renewals, manage exposure data, and maintain claim readiness documentation.

- Define and test the incident response plan and conduct periodic tabletop exercises with senior leadership and external advisors.

- Lead BCP for the firm, and ensure it's regularly tested.

- Ensure alignment with business continuity and disaster recovery strategies.

- Define quarterly and annual Vulnerability Assessment & Penetration Testing (VAPT) plan with top-tier CERT-IN certified vendors.

- Oversee closure of vulnerabilities and tracking of all red/amber findings.

- Coordinate with IT Infrastructure and App teams for secure configuration baselines (servers, endpoints, cloud).

Track global trends and legal obligations in:

- AI & Data Ethics (align to ISO/IEC 42001)

- Cloud Security (including contractual obligations with SaaS providers)

- Encryption & Logging requirements under CERT-IN

- Draft internal advisories and update control frameworks accordingly.

- Lead the firm's cybersecurity awareness and phishing simulation program.

- Conduct annual ISMS awareness campaigns and mandatory user certification programs.

- Build a security-conscious culture by regularly engaging with Practice Heads, Partners, and Business Services.

Key Deliverables:

- ISO 27001 maintained with zero non-conformities

- Full compliance with CERT-IN guidelines and DPDP readiness documentation

- Quarterly VAPT assessments with remediation closure tracking

- Quarterly internal reviews to maintain compliance

- 100% client audit response turnaround within defined SLA

- Annual cyber tabletop drill executed with report and improvements tracked

- Internal and external audits passed with minimal observations

- Cyber Insurance aligned to evolving risks and policy coverage verified

- Conduct quarterly reviews to maintain all the compliance

Certifications Required:

- ISO 27001 Lead Implementer / Auditor

- CISSP / CISM

- DPDP Act / Privacy Certifications

- ISO/IEC 42001 (AI Governance Awareness) - Preferred

- ITIL v4 - Preferred

Education: B.E/B.Tech/M.Tech/Master in computer science

Leadership & Behavioral Competencies:

- Highly structured, audit-ready, and documentation-oriented

- Strong stakeholder engagement with Partners, Clients, cross functional teams, and Auditors

- Proactive risk identifier with a strong grasp of Indian and global compliance regimes

- Calm under pressure with strong incident response instincts

- Strategic mindset with tactical attention to operational control and reporting