Information Security Officer

4 - 8 years

0 Lacs

Posted: 23 hours ago | Platform: Shine

Work Mode

On-site

Job Type

Full Time

Job Description

As an Information Security & Compliance Officer (Alternate Title: Infosec Auditor & Governance Manager) based in Mumbai, your role will involve managing and coordinating all Information Security audits, responding to auditor/banker queries, tracking remediation timelines, maintaining audit-ready documentation, implementing security controls, and ensuring compliance with ISO 27001, RBI guidelines, CICRA, and other regulatory requirements.

Key Responsibilities:

- Own end-to-end audit lifecycle across internal, external, partner, and regulatory audits (ISO 27001, RBI, CISA, Bank Infosec teams, CICs).
- Liaise with banks, auditors, NBFC partners to provide timely responses and evidence.
- Maintain an exhaustive audit tracker with timelines, evidence folders, and closure reports. Prepare documentation and ensure regular reviews of quarterly and half-yearly items (UARs, VAPT, password policy reviews, etc.).
- Coordinate implementation and periodic review of security policies such as Information Security Policy, Access Control Policy, Encryption & Cryptographic Policy, Password Policy, Cloud Security Policy, DLP, Antivirus & Patch Management Policy, Data Retention & Disposal Policy, Change Management & SDLC, HR Policy Security Clauses.
- Maintain evidence of AWS security group reviews, VPN tools, IDS/IPS deployment, email encryption, endpoint protection software, DR/BCP drills, cloud/network diagrams, and access logs.
- Monitor and govern cloud configurations and vendor relationships for AWS, Anti-virus/DLP/MDM/USB blocking tools, VAPT/Penetration Test vendors, and subcontractor compliance with privacy & data sharing agreements.
- Maintain updated SOPs, policy documents, declaration forms, signed NDAs, audit reports. Create periodic evidence checklists and trackers. Work with tech & HR to automate compliance triggers.

Qualifications:

- Bachelor's degree in IT, Computer Science, Cybersecurity or equivalent.
- Preferred certifications: CISA, ISO 27001 Lead Implementer/Auditor, CEH, or other infosec certifications.

Experience:

- 3-7 years of hands-on experience in information security audits, IT compliance, or governance roles.
- Experience with ISO 27001, RBI IT frameworks, CICRA, or financial sector infosec requirements preferred.

Key Skills:

- Excellent understanding of IT security domains.
- Strong documentation and audit response skills.
- Familiarity with AWS cloud, SIEM tools, endpoint protection, patching cycles.
- Working knowledge of SDLC and DevSecOps frameworks.
- Comfortable working cross-functionally with various teams.
- Strong command over Excel trackers, file documentation, and policy drafting.

Bonus Skills:

- Knowledge of Indian regulatory requirements.
- Experience in fintech or BFSI domain.
- Familiarity with VAPT report analysis and remediation tracking.

Please note that this is a full-time, permanent position with benefits including cell phone reimbursement, health insurance, paid sick time, and Provident Fund. The work schedule is in the day shift with fixed timings. The work location is in person.
