Information Security

**Job Title: Information Security & Compliance Officer**

**(Alternate Title: Infosec Auditor & Governance Manager)**

**Location**:Mumbai (or Hybrid as per business need)

Reporting To: Chief Information Security Officer (CISO) / Head of Technology

**Purpose of the Role**:
To manage and coordinate all Information Security audits, respond to auditor/banker queries, track

remediation timelines, maintain audit-ready documentation, implement security controls, and ensure compliance with ISO 27001, RBI guidelines, CICRA (Credit Information Companies Regulation Act), and other regulatory requirements.

**Key Responsibilities**:
1. Audit & Compliance Management
- Own end-to-end audit lifecycle across internal, external, partner, and regulatory audits (ISO 27001, RBI, CISA, Bank Infosec teams, CICs).
- Liaise with banks, auditors, NBFC partners to provide timely responses and evidence.
- Maintain an exhaustive audit tracker with timelines, evidence folders, and closure reports.
- Prepare documentation and ensure regular reviews of quarterly and half-yearly items (UARs, VAPT, password policy reviews, etc.).

2. Policy Implementation & Review
- Coordinate implementation and periodic review of all security policies such as:

- Information Security Policy
- Access Control Policy
- Encryption & Cryptographic Policy
- Password Policy
- Cloud Security Policy
- DLP, Antivirus & Patch Management Policy
- Data Retention & Disposal Policyo Change Management & SDLC
- HR Policy Security Clauses (Separation, Laptop return, Fidelity declaration)
- Ensure all policies are updated, approved, communicated, and enforced.

3. Security Controls & Infrastructure Compliance
- Maintain evidence of:

- AWS security group reviews and hardening reports
- VPN tools and access mechanisms
- IDS/IPS deployment
- Endpoint protection software, patch deployment
- DR/BCP drills and logs
- Cloud/network diagrams and access logs
- Coordinate with infra & DevOps team to track VAPT, SIEM, and firewall configurations.

4. Vendor, Cloud & Third-Party Governance
- Monitor and govern cloud configurations and vendor relationships for:

- AWS (Encryption, KMS, access control, VPC architecture)
- Anti-virus/DLP/MDM/USB blocking tools
- VAPT / Penetration Test vendors
- Subcontractor compliance with privacy & data sharing agreements

5. Documentation, Evidence & Automation
- Maintain updated SOPs, policy documents, declaration forms, signed NDAs, audit reports.
- Create periodic evidence checklists and trackers (UAR logs, patch updates, policy review minutes, Form III declarations).
- Work with tech & HR to automate compliance triggers (alerts for quarterly reviews, policy expiry, form sign-offs, etc.)

**Qualifications**:

- Bachelor’s degree in IT, Computer Science, Cybersecurity or equivalent. **Preferred: CISA, ISO 27001 Lead Implementer/Auditor, CEH, or other infosec certifications.**

**Experience**:

- **3-7 years of hands-on experience in information security audits, IT compliance, or**

**governance roles.**
- Experience with ISO 27001, RBI IT frameworks, CICRA, or financial sector infosec

requirements preferred.

Key Skills:

- Strong documentation and audit response skills
- Familiarity with AWS cloud, SIEM tools, endpoint protection, patching cycles
- Working knowledge of SDLC and DevSecOps frameworks
- Comfortable working cross-functionally with Tech, HR, Admin, Vendors, and Legal teams
- Strong command over Excel trackers, file documentation, and policy drafting

Bonus Skills:

- Knowledge of Indian regulatory requirements (CICRA, RBI Circulars)
- Experience in fintech or BFSI domain
- Familiarity with VAPT report analysis and remediation tracking

Pay: ₹33,602.64 - ₹80,000.00 per month

Schedule:

- Day shift

Work Location: Hybrid remote in Mumbai Suburban, Maharashtra