Information Security Consultant - ISO 27001 Lead Implementer

Job Title: Senior Consultant Information Security – IT

Job Purpose: Acting in a key technical management & execution capacity to

provide a conduit between IT teams and key business stakeholders thereby

ensuring information technology needs are managed consistently, following

professional IT and global standards, and delivered with a high quality and

customer satisfaction.

Reward level: Middle Management

Job Location Gurgaon

Experience 7 years

Relevant Experience 7 years

Reporting to: General Manager

Qualification: Bachelor’s degree in IT and relevant Information Security

Certifications

Key Deliverables:

 Provide support as Lead implementor towards ISMS and PIMS policies,

procedures, and guidelines and ensure to perform regular review and update.

 Gather evidence of continuous compliance with ISO 27001:2022 and ISO

27701:2019, DPDPA, IT Act and Cert In Regulation including audit logs,

records of reviews, timely closure of open audit and risks and sharing the

report with management.

 Conduct regular, documented information security and privacy risk

assessments on Security Tools and Technologies by identifying assets,

threats, vulnerabilities, likelihood, and impact.

 Prioritize identified vulnerabilities, detailed findings, remediation

recommendations, trending reports on vulnerability posture towards closure

with stakeholders.

 Implementation of a comprehensive, ongoing security project plan for

remediation of open audit gaps.

 Prepare regular report on overall information security posture, GRC maturity,

and risk landscape to relevant stakeholders

 Perform Root Cause Analysis and lessons learned from information security

incidents, actively participate in audits and support internal IT staff to perform

technical assessments and controls with evidence.

Key Relationships:

 Internal IT and business customers in MSR.

 Global/Local IT Vendor, market and global (HQ) colleagues,

 Internal staff - direct reports (where applicable)

 IT vendors, contractors (where applicable)

Knowledge Skills and Abilities:

 Must have ISO 27001 Lead Implementer and ISO 27701 Lead Implementer

certifications.

 In depth understanding of IT Act, DPDPA, Cert In regulations, CIS Controls as

well as UK DPA and ISO 31000

 Good to have certification on CISM (Certified Information Security Manager),

CISSP (Certified Information Systems Security Professional) and Cloud Security

certifications (e.g., CCSK, CCSP, vendor-specific like AWS Security Specialty)

 Familiarity with common vulnerability scanning tools like Qualys (features,

reporting, agent-based vs. network scans) and Cloud Security Posture

Management (CSPM) tools like Wiz (cloud service provider configurations,

misconfigurations, compliance checks in AWS, Azure, GCP).

 Conduct and lead IT DR drills and Tabletop exercises with internal IT teams.

 Hands on knowledge on common security technologies (e.g., firewalls, EDR,

Cloud Security, VAPT tools, SIEM, WAF, DLP, PAM, BAS, encryption etc.,).

 Ability to handle and manage Endpoint, Perimeter, Cloud and Data Security

technical consoles with configuration and fine tuning of policies.

 Understanding of various penetration testing types (e.g., network, web

application, API, mobile, cloud) and methodologies

 Knowledge of common attack vectors and exploitation techniques like MITRE

ATTACK and DEFEND, NIST Cyber Security Framework.

 Excellent technical writing skills for creating clear, concise, and comprehensive

security policies, standards, and procedures.

 Ability to analyse complex risk data and present actionable insights.

 Proficiency with GRC platforms or tools for managing policies, risks, and controls

 Exceptional verbal and written communication skills to articulate complex security

concepts to technical and non-technical stakeholders

 Strong technical skills to diagnose security issues, identify root causes, and

develop effective solutions.

 Ability to develop and deliver engaging security training sessions and awareness

campaigns to internal IT staff.

 Ability to stay updated with the latest security threats, vulnerabilities,

technologies, and regulatory changes.

mail updated resume with salary details-

email: etalenthire@ gmail.com

satish- 88O2749743

Job Type: Full-time

Pay: ₹1,200,022.66 - ₹1,865,134.32 per year

Ability to commute/relocate:

• Gurgaon, Haryana: Reliably commute or planning to relocate before starting work (Preferred)

Application Question(s):

• Do you have certification of ISO 27001 Lead Implementer ?
• current ctc ?
• expected ctc ?
• notice period ?
• current location ?
• would you be comfortable with job location (Gurgaon) ?

Experience:

• Information security: 6 years (Preferred)

Work Location: In person