Key Responsibilities: ISMS Development and Implementation: Develop, implement, and maintain the organization's ISMS in accordance with established information security frameworks (e.g., ISO 27001, NIST Cybersecurity Framework). Identify and assess security risks, vulnerabilities, and threats to our information assets. Establish and maintain information security policies, procedures, and guidelines. Compliance and Certification: Ensure compliance with relevant information security standards, regulations, and legal requirements. Coordinate and oversee internal and external audits and assessments. Prepare the organization for ISO 27001 certification and lead the certification process and maintain the certification Security Awareness and Training: Develop and deliver information security awareness and training programs for employees and contractors. Promote a culture of security awareness and best practices throughout the organization. Incident Response and Management: Develop and maintain an incident response plan and coordinate incident response efforts. Investigate security incidents, breaches, and vulnerabilities, and implement corrective actions. Risk Management: Conduct risk assessments and identify areas for risk mitigation and improvement. Implement risk management strategies and monitor their effectiveness. Develop risk mitigation strategies and action plans. Security Audits and Assessments: Conduct regular security audits and assessments to identify weaknesses and areas for improvement. Collaborate with internal and external auditors to ensure compliance and drive remediation efforts. Vendor Security Management: Evaluate and monitor the security posture of third-party vendors and service providers. Ensure that third-party contracts include appropriate security clauses. Security Frameworks Expertise: Stay updated on emerging threats, security technologies, and industry best practices. Advise senior management on information security trends and their potential impact on the organization. Security Incident Documentation: Maintain records of security incidents, investigations, and resolutions. Experience Requirements: To excel in this role, the candidate should have the following qualifications and experience: Bachelor's degree in Information Security, Computer Science, or a related field. A Master's degree is preferred. Professional certifications such as ISO 27001:2022 LA, LI are highly desirable. 08-12 years’ experience with 4Yrs + in GRC. Familiarity with Privacy laws Have implemented and maintained organizations through ISO 27001 certification from grass roots level. Excellent communication skills (oral & written), with the ability to engage with all levels of the organization. Experience in conducting risk assessments, vulnerability assessments, and security audits. Proficiency in security technologies, tools, and methodologies. Key Skills: Conduct Audits independently, publish audit findings and track to closure. Hands on experience on implementing and maintaining security frameworks (ISO 27001/TISAX etc). Creation and delivery of Information Security awareness programs for employees. Dashboard preparation. Note: please provide your total Experience and current CTC in your profile.