Senior Consultant Information Security- ISO 27001 Implementer Job in Glan Management Consultancy at Gurgaon

Job Description

Job Title:

Senior Consultant Information Security IT

Job Purpose:

Acting in a key technical management & execution capacity to provide a conduit between IT teams and key business stakeholders thereby ensuring information technology needs are managed consistently, following professional IT and global standards, and delivered with a high quality and customer satisfaction.

Reward level:

Middle Management

Job Location:

Gurgaon

Experience:

7 years

Relevant Experience:

7 years

Reporting to:

General Manager

Qualification:

Bachelors degree in IT and relevant Information Security

Certifications Key Deliverables:

• Provide support as Lead implementor towards ISMS and PIMS policies, procedures, and guidelines and ensure to perform regular review and update.
• Gather evidence of continuous compliance with ISO 27001:2022 and ISO 27701:2019, DPDPA, IT Act and Cert In Regulation including audit logs, records of reviews, timely closure of open audit and risks and sharing the report with management.
• Conduct regular, documented information security and privacy risk assessments on Security Tools and Technologies by identifying assets, threats, vulnerabilities, likelihood, and impact.
• Prioritize identified vulnerabilities, detailed findings, remediation recommendations, trending reports on vulnerability posture towards closure with stakeholders.
• Implementation of a comprehensive, ongoing security project plan for remediation of open audit gaps.
• Prepare regular report on overall information security posture, GRC maturity, and risk landscape to relevant stakeholders.
• Perform Root Cause Analysis and lessons learned from information security incidents, actively participate in audits and support internal IT staff to perform technical assessments and controls with evidence.

Key Relationships:

• Internal IT and business customers.
• Global/Local IT Vendor, market and global (HQ) colleagues.
• Internal staff - direct reports (where applicable).
• IT vendors, contractors (where applicable).

Knowledge Skills and Abilities:

• Must have ISO 27001 Lead Implementer and ISO 27701 Lead Implementer certifications.
• In depth understanding of IT Act, DPDPA, Cert In regulations, CIS Controls as well as UK DPA and ISO 31000.
• Good to have certification on CISM (Certified Information Security Manager), CISSP (Certified Information Systems Security Professional) and Cloud Security certifications (e.g., CCSK, CCSP, vendor-specific like AWS Security Specialty).
• Familiarity with common vulnerability scanning tools like Qualys (features, reporting, agent-based vs. network scans) and Cloud Security Posture Management (CSPM) tools like Wiz (cloud service provider configurations, misconfigurations, compliance checks in AWS, Azure, GCP).
• Conduct and lead IT DR drills and Tabletop exercises with internal IT teams.
• Hands on knowledge on common security technologies (e.g., firewalls, EDR, Cloud Security, VAPT tools, SIEM, WAF, DLP, PAM, BAS, encryption etc.,).
• Ability to handle and manage Endpoint, Perimeter, Cloud and Data Security technical consoles with configuration and fine tuning of policies.
• Understanding of various penetration testing types (e.g., network, web application, API, mobile, cloud) and methodologies.
• Knowledge of common attack vectors and exploitation techniques like MITREATTACK and DEFEND, NIST Cyber Security Framework.
• Excellent technical writing skills for creating clear, concise, and comprehensive security policies, standards, and procedures.
• Ability to analyse complex risk data and present actionable insights.
• Proficiency with GRC platforms or tools for managing policies, risks, and controls.
• Exceptional verbal and written communication skills to articulate complex security concepts to technical and non-technical stakeholders.
• Strong technical skills to diagnose security issues, identify root causes, and develop effective solutions.
• Ability to develop and deliver engaging security training sessions and awareness campaigns to internal IT staff.
• Ability to stay updated with the latest security threats, vulnerabilities, technologies, and regulatory changes.

Contact Information:

Email updated resume with salary details to:
email:

Contact: Satish

Website:

Key Skill:

Consultant Information Security, GRC, information security consultant, IT security, ISO 27001 compliance, ISO 27001 Implementer, ISO 27001, internal auditor, CISM

Posted on:

26th Aug, 2025

---