Information Security Officer

Requisition ID Posted 11/18/2025

Essential Responsibilities include (but are not limited to):

• Help to plan and carry out the organization's information security strategy. Prepare and execute actions based on an ISMS calendar.
• Develop a set of security standards, policies and best practices for the organization.
• Regularly monitor computer networks and systems for security issues, breaches, or intrusions.
• Conduct regular monitoring and review of the information security in engineering projects and all functions/departments.
• Responsible for vulnerability & risk assessment of all information assets.
• Work with the IT & security team to perform tests and uncover network vulnerabilities.
• Fix detected vulnerabilities to maintain a high-security standard.
• Develop company-wide best practices for IT security.
• Perform penetration testing, to find any information security weaknesses in the systems.
• Support IT team to install security measures and software to protect systems and information infrastructure, including firewalls and data encryption programs, results/logs of mobile code, malicious code, and anti-virus software, to notify any intrusions, and scan for irregular system behaviour.
• Support IT team to install required end-point security products and procedures on employees' computers, projects' & departments' systems.
• Develop strategies to respond to and recover from any security breach.
• Investigate security breaches and other cybersecurity incidents and assess the extent of damage.
• Document security breaches and assess the damage they cause. Initiate incident response actions to minimize the impact.
• Stay up to date on information technology security trends, news, best practices and relevant security standards.
• Keep a watch on published and identified infosec threats and mitigations across the industry.
• Research security enhancements and make recommendations to management.
• Ensure required mitigation and preventive actions are taken to protect the company's information assets.
• Conduct periodic trainings, sessions, activities to increase employee awareness about maintaining information security.
• Increase the pool of internal auditors by identifying employees and training them as internal auditors.
• Conduct and participate in meetings of the various groups and forums such as EDRT, IRT, ISMF, etc.
• Review company contracts (MSA & NDA documents) with customers, vendors, contractors and other entities from a information security coverage perspective.
• Review and maintain the AIC and RART data of all departments and engg project groups.
• Ensure regular fire and evacuation drills are conducted to train the employees for actions during an emergency.
• Conduct call tree checks and scenario based table top exercises for reviewing preparedness for BCP / DR actions.
• Conduct periodic internal ISMS audits to review the effectiveness of information security in the organization.
• Consolidate and assess the results of all internal audits. Closure of non-conformities and required actions to strengthen the information security implementation of the organization.
• Liason, plan and proactively support the external auditors from ISMS certifying body in conducting the ISO 27001 surveillance and re-certification audits.
• Respond to customer's ISMS questionnaires in a timely and effective manner.
• Support the customer's ISMS auditors for conducting audits (if required).
• Ensure timely verification and closure of all audit findings (internal & external).
• Prepare reports of ISO activities and audits findings for informing the leadership team on quarterly basis.
• Initiate the Management Review meetings and present the status of information security to the leadership team to seek inputs and make recommendations for improvement.
• Maintain effectiveness of the ISMS with continual improvements.

Candidate must possess:

• Candidate should be based out of Pune location
• Bachelor's degree in computer science or related field
• Strong knowledge of ISO 27001 standard and prior experience with ISO 27001
• Strong knowledge of Cybersecurity, information security
• Knowledge of risk assessment tools, technologies, and methods. Strong understanding of endpoint security solutions
• Knowledge of disaster recovery, system and network security scanning tools, technologies, and methods
• Understanding of firewalls, proxies, SIEM, DLP, antivirus, content filtering and IDPS concepts
• Understanding of patch management with the ability to deploy patches in a timely manner while understanding business impact
• Experience planning, and developing security policies, standards, and procedures.
• Ability to communicate handel security incidents.
• Good experience in planning and conducting ISMS internal audits
• Experience in liasoning with external auditors from certifying bodies
• Ability to conduct trainings on information security
• A team player who shall able to technically guide the team and also work independently as individual contributor