Information Security Officer

Information Security Officer

Application Deadline: 30 September 2025

Department: Risk and Compliance

Employment Type: Permanent - Full Time

Location: Pune

Description

• We are seeking a proactive and knowledgeable Information Security Officer to support the business across all aspects of information security. This role is essential in maintaining and strengthening our security posture, ensuring compliance with our regulatory and legal requirements, including maintaining our ISO/IEC 27001 certification.
• Reporting to the Head of Information Security, you will play a key role in advising teams on security best practices, assisting with the implementation and continuous improvement of our Information Security Management System (ISMS), and supporting, audits, risk assessments, and incident response activities. You will collaborate with stakeholders across IT, risk, legal, and operations to ensure security is embedded in business processes and projects from the outset.
• The ideal candidate will have strong working knowledge of ISO 27001, an understanding of risk-based approaches to security, and experience in supporting security governance, awareness, and compliance efforts. A practical, solution-oriented mindset and the ability to communicate technical risks in a business context are essential.
• This is a hands-on, business-facing role suited to someone passionate about helping teams operate securely while enabling the business to move with agility and confidence.

Key Responsibilities

• Maintain and continuously improve the ISO/IEC 27001 ISMS across the business.
• Support the planning, coordination, and execution of internal audits related to information security controls and processes.
• Collect, analyse, and report on ISO 27001 objective metrics to monitor compliance and drive continuous improvement initiatives.
• Prepare and present divisional information security updates, risk posture insights, and performance indicators to the Group Head of Information Security.
• Develop, implement, and refine information security procedures, policies, and controls to ensure ongoing compliance with ISO/IEC 27001 and related standards.
• Support the Group Head of Information Security to shape the Information Security strategy.
• Identify, investigate, and remediate information security vulnerabilities, incidents, and control failures, maintaining a focus on root cause analysis and preventative action.
• Drive a culture of security awareness through the development and delivery of tailored education and training programmes in partnership with HR, IT, Data Privacy, and Cybersecurity teams.
• Lead and support information security risk assessments, leveraging a risk-based approach to inform prioritisation and decision-making.
• Provide strategic and tactical guidance on information security matters to business units and project teams, ensuring that security is proactively embedded into systems, products, and processes.
• Monitor emerging threats, vulnerabilities, and industry trends to ensure the business remains resilient and well-prepared.
• Support third-party risk assessments and supplier due diligence activities to ensure the secure handling of data by vendors and partners.
• Contribute to incident response planning and execution, including developing playbooks and participating in simulation exercises.
• Support regulatory compliance efforts (e.g. GDPR, NIS2, DORA) and assist with external audits, certifications, and client security due diligence where required.

Experience
At least 3 years of hands-on experience in an information security or risk role.
Solid understanding of:

• ISO 27001 ISMS implementation or audit
• Information security risk management including risk assessments & controls 
• Policy, standards, and procedure writing
• Supporting internal and external audits

Education
A Bachelor's degree or higher in Information Security, Computer Science, or related field.

Skills, Knowledge & Expertise Knowledge

• Security governance and compliance (e.g. policies, standards, procedures)
• Information Security principles and frameworks, especially:

1. ISO/IEC implementation and audit)
2. NIST CSF
3. CIS Controls

• Risk Management processes (identification, assessment, mitigation)
• Security Incident response procedures
• Regulatory and legal requirements such as:

1. GDPR
2. Data Protection Act (UK)
3. Cyber Essentials / Cyber Essentials Plus

Skills

• Strong analytical mindset, with the ability to assess security risks, interpret technical details, and make sound decisions based on available data.
• Clear and confident communicator, capable of translating complex security issues into language appropriate for both technical and non-technical stakeholders.
• Skilled in drafting and maintaining documentation, including policies, standards, procedures, and guidance that align with security frameworks and regulatory requirements.
• Project-focused approach, with the ability to advise and support IT and business initiatives, ensuring security is built-in from the outset.
• Experienced in audit and compliance activities, contributing to the preparation, execution, and follow-up of internal and external audits.
• Able to develop and deliver engaging security awareness training and educational materials to a diverse audience.

Ability

• Demonstrated ability to apply security frameworks (e.g., ISO 27001, NIST) in a practical, business-aligned manner.
• Collaborative team player, comfortable working with IT, Legal, HR, Risk, and operational teams to ensure consistent security integration.
• Pragmatic and business-aware, with the ability to balance security objectives with operational needs through a risk-based approach.
• Capable of leading small-scale initiatives and driving continuous improvement across security activities.
• Quick learner with a growth mindset, able to adapt to emerging threats, technologies, and industry trends.
• Resilient under pressure, such as in incident response or regulatory assessments.
• Proven experience in information security and risk management.
• Strong knowledge of ISO/IEC 27001 and other relevant standards.
• Demonstrates initiative and thrives in autonomous environments, taking ownership of tasks with minimal supervision.
• Excellent English communication skills (written and verbal).
• Stakeholder engagement skills.
• Relevant professional certification(s) (at least one of the following):

1. CISM – Certified Information Security
2. CRISC – Certified in Risk and Information Systems Control
3. ISO/IEC 27001 Lead Implementer/Auditor

---