Sr Manager-ISMS

Position: Senior Manager

Location: Navi Mumbai

Roles and Responsibilities

Attend Client Audit and ensure to meet Client Information security compliance

€ Work with OPS & support teams and work on Information security client requirements

€ Implement InfoSec strategies. Coordinate governance activities. Support execution of initiatives approved by GM/CISO

€ Draft, review, and update InfoSec policies, standards, and procedures. Ensure operational implementation.

€ Perform risk assessments, maintain risk register, recommend treatment plans, and prepare risk reports.

€ Execute compliance programs, manage audits and evidence collection, and address observations and remediations.

€ Oversee daily security operations including monitoring (SOC), endpoint security, SIEM alerts, and incident response.

€ Manage incident detection, triage, investigation, containment, and reporting. Coordinate with IT/Infra for resolution.

€ Implement and monitor IAM systems. Conduct periodic access reviews and enforce least privilege.

€ Coordinate and manage VAPT, red teaming, code reviews. Track and close findings with application/infra teams.

€ Conduct user awareness sessions, phishing simulations, and track training completion metrics.

€ Perform vendor risk assessments, ensure compliance with security requirements, and maintain third-party risk logs.

€ Participate in BCP planning and testing. Ensure cybersecurity dependencies are covered and tested.

€ Propose tool and resourcing requirements. Track cost-effectiveness and performance of implemented controls.

€ Lead InfoSec team, coordinate with IT, DevOps, Compliance, and HR teams for control implementation.

€ Prepare and maintain operational security metrics. Submit reports for leadership review

Lead and manage ISO 27001, regulatory audits including RBI, Audits, inspections, CERT-In assessments, and client-driven security audits and reviews.

Ensure robust governance and compliance with frameworks such as ISO 27001, PCI-DSS, and sector-specific guidelines.

Liaise effectively with external auditors and internal stakeholders to ensure timely and successful audit closures including coordinating with vendors for VAPT closures.

Drive implementation of actionable recommendations emerging from audits and assessments.

Strengthen our preparedness and evidence readiness for third-party risk assessments and regulatory inspections.