Posted: 17 hours ago | Platform: LinkedIn

Work Mode: On-site

Job Type: Full Time

Job Description

Job Summary

DDReg Pharma Pvt Ltd is seeking a detail-oriented and proactive Information Security Analyst to join our team in Gurugram. The ideal candidate will be responsible for ensuring the integrity, confidentiality, and availability of information systems by identifying and mitigating security risks. The successful candidate will possess expertise in information security frameworks such as ISO 27001, SOC 2, and a strong understanding of third-party risk management.

Key Responsibilities

  • Vendor Risk Management: Oversee the management of all vendors, ensuring compliance with organizational security standards, effective communication, and adherence to service level agreements (SLAs).
  • Risk Assessments: Conduct comprehensive risk assessments to identify vulnerabilities within the organization and implement effective mitigation strategies. Regularly evaluate organizational security posture and suggest improvements.
  • ISO 27001 Compliance: Lead efforts in ensuring compliance with ISO 27001:2022 standards. Conduct internal audits and support external audits to ensure continuous adherence to the standards.
  • Third-Party Risk Management (TPRM): Lead the TPRM onboarding and periodic review processes, ensuring third-party vendors meet required security standards and regulatory compliance.
  • Incident and Problem Management: Analyze incidents and problems within the organization, identifying root causes and developing actionable plans to prevent future occurrences.
  • Policy and Documentation Review: Review and update organizational policies and procedures to ensure alignment with ISO 27001 and other regulatory requirements. Maintain comprehensive documentation of all security-related activities.
  • Collaboration & Reporting: Collaborate with internal teams and external auditors to ensure compliance with relevant frameworks. Prepare and present detailed reports on security incidents, risk assessments, and mitigation strategies.
  • Training and Awareness: Facilitate training sessions for internal teams on information security best practices and compliance requirements, ensuring continuous education on security threats and mitigation measures.

Key Skills & Requirements

  • Proven experience in Information Security, including hands-on experience with ISO 27001, SOC 2, and ITGC frameworks.
  • Strong understanding of third-party risk assessments and vendor management.
  • Experience in Risk Assessment, Incident Management, and Root Cause Analysis.
  • Certification: ISO 27001 Lead Auditor (preferred).
  • Proficiency in creating and maintaining security documentation, policies, and procedures.
  • Familiarity with NIST, GRC, and SOC 2 frameworks.
  • Ability to work under pressure, manage multiple tasks, and handle sensitive information.

Educational Qualifications

  • Bachelor’s Degree (Mandatory): B.Sc. in Information Technology, Computer Science, Cybersecurity, or related fields. OR B.Tech. / B.E. in Computer Science, Information Technology, or related engineering disciplines.
  • Master’s Degree (Preferred): M.Sc. in Information Security, Cybersecurity, or related fields. OR MBA in Information Security (if focused on management aspects of ISMS).
  • Languages: English: Full Professional Proficiency; Hindi: Full Professional Proficiency