Information Security Manager- ISO 27001 LA

1 day ago


Gurugram, India eTalenthire Full time

Job Title: Manager Information Security – IT

Job Purpose: Acting in a key technical management & execution capacity to provide a conduit between IT teams and key business stakeholders in your functional area of IT Security to ensure MSR information technology needs are managed consistently, following professional IT and global standards, and delivered with a high level of quality and customer satisfaction.

Reward level: Middle Management

Job Location: Gurgaon

Experience: 10+ years

Relevant Experience: 7+ years

Reporting to: General Manager

Qualification: Bachelor's degree in IT

Key Deliverables:

  • Provide support as Lead Auditor for ISMS and PIMS policies, procedures, and guidelines, and perform regular review and update.
  • Perform deep assessment to gather evidence of continuous compliance with ISO 27001:2022 and ISO 27701:2019, DPDPA, IT Act and CERT-In regulations, including audit logs, records of reviews, and timely closure of open audits and risks, and share the report with management.
  • Conduct regular, documented information security and privacy risk assessments identifying assets, threats, vulnerabilities, likelihood, and impact with stakeholders.
  • Prioritize identified vulnerabilities, and provide detailed findings, remediation recommendations, and trending reports on vulnerability posture towards closure with stakeholders.
  • Develop and implement a comprehensive, ongoing security awareness and training program for all employees.
  • Encourage secure behaviours among colleagues and reinforce the importance of information security and privacy in daily operations.
  • Prepare regular reports on overall information security posture, GRC maturity, and risk landscape for relevant stakeholders.
  • Collect lessons learned from incidents, audits, and assessments to drive continuous improvement in ISMS/PIMS and security processes.

Key Relationships:

  • Internal IT and business customers in MSR.
  • Global IT Vendor, market and global (HQ) colleagues, Local vendor partners
  • Internal staff - direct reports (where applicable)
  • IT vendors, contractors (where applicable)

Knowledge Skills and Abilities:

  • Must possess and demonstrate ISO 27001 Lead Implementer/Auditor and ISO 27701 Lead Implementer/Auditor certifications and knowledge.
  • In-depth understanding of IT Act, DPDPA, CERT-In regulations, CIS Controls as well as UK DPA and ISO 31000.
  • Good to have: CISM (Certified Information Security Manager), CISSP (Certified Information Systems Security Professional) and Cloud Security certifications (e.g., CCSK, CCSP, vendor-specific like AWS Security Specialty).
  • Familiarity with common vulnerability scanning tools like Qualys (features, reporting, agent-based vs. network scans) and Cloud Security Posture Management (CSPM) tools like Wiz (cloud service provider configurations, misconfigurations, compliance checks in AWS, Azure, GCP).
  • Understanding of various penetration testing types (e.g., network, web application, API, mobile, cloud) and methodologies.
  • Knowledge of common attack vectors and exploitation techniques, and of frameworks like MITRE ATT&CK and D3FEND.
  • Basic to intermediate knowledge of common security controls and technologies (e.g., firewalls, EDR, Cloud Security, VAPT tools, SIEM, WAF, DLP, encryption).
  • Understanding of network protocols, operating systems (Windows, Linux), and common application architectures.
  • Knowledge of audit principles and practices (internal and external audits).
  • Understanding of corrective action planning and non-conformity management.
  • Understanding of third-party risk management principles and vendor due diligence processes.
  • Excellent technical writing skills for creating clear, concise, and comprehensive security policies, standards, and procedures.
  • Ability to analyse complex risk data and present actionable insights.
  • Hands-on experience with Qualys for configuring scans, analysing reports, and managing vulnerabilities.
  • Hands-on experience with Wiz CSPM for monitoring cloud environments, identifying misconfigurations, and generating compliance reports.
  • Proficiency with GRC platforms or tools for managing policies, risks, and controls.
  • Exceptional verbal and written communication skills to articulate complex security concepts to technical and non-technical stakeholders.
  • Ability to build strong relationships and collaborate effectively with diverse teams (IT, Legal, HR, Development, Business Units).
  • Skills in influencing behaviour and driving change across the organization to improve security posture.
  • Strong analytical skills to diagnose security issues, identify root causes, and develop effective solutions.
  • Ability to critically evaluate security controls and identify gaps.
  • Contract review and negotiation skills specifically for security-related services.
  • Ability to effectively manage vendor relationships and performance.
  • Ability to develop and deliver engaging security training sessions and awareness campaigns.
  • Ability to stay updated with the latest security threats, vulnerabilities, technologies, and regulatory changes.
  • Capacity to quickly learn and adapt to new tools and methodologies.
  • Meticulous attention to detail in policy creation, audit documentation, and vulnerability analysis.
  • Ability to act calmly and effectively during security incidents and contribute to

mail updated resume with salary details-

email- etalenthire@

satish- 88O

Job Type: Full-time

Pay: ₹1,533, ₹2,507,976.69 per year

Ability to commute/relocate:

  • Gurgaon, Haryana: Reliably commute or planning to relocate before starting work (Preferred)

Application Question(s):

  • Do you have ISO 27001 Lead Auditor certification?
  • Current CTC?
  • Expected CTC?
  • Notice period?
  • Current location?
  • Would you be comfortable with the job location (Gurgaon)?

Experience:

  • information security consultant: 7 years (Preferred)

Work Location: In person


