
Job Title


Senior Executive - Information Security Management System & Compliance


Company : Godrej Industries Group


Location : Mumbai, Maharashtra


Created : 2026-02-23


Job Type : Full Time


Job Description

About the Role : This is a full-time, on-site role for a Senior Executive in Information Security Management System & Compliance located in Mumbai. You will play a pivotal role in strengthening the organization’s Information Security governance, ensuring compliance with global standards and internal policies. You will support the implementation and maintenance of ISO 27001, NIST CSF, and other cybersecurity governance frameworks, while ensuring that risks are identified, assessed, and mitigated effectively.

Roles & Responsibilities :

1. Information Security Governance & ISMS Management
· Assist in implementing, maintaining, and supporting continual improvements of ISO 27001, NIST CSF, and the organization’s ISMS.
· Draft, review, and update Information Security policies, procedures, and standards as directed.
· Monitor and report on security controls, KPIs, and KRIs to support governance activities.
· Execute ISMS tasks including risk assessments, corrective-action tracking, and control effectiveness reviews.

2. Compliance & Regulatory Adherence
· Support internal and external audits related to ISO 27001, NIST, and other compliance frameworks.
· Coordinate with stakeholders to ensure timely closure of audit findings.
· Ensure compliance requirements for data protection and cybersecurity regulations are met across business units.
· Maintain compliance documentation, audit trails, and evidence repositories.

3. Risk Assessment & Mitigation
· Identify and track information security risks across applications, systems, and business processes.
· Work with functional teams to support execution of risk mitigation activities.
· Conduct periodic risk assessments, threat evaluations, vendor security reviews, and internal control checks.
· Help promote secure practices through structured awareness and communication efforts.

4. Collaboration & Communication
· Coordinate with IT, Cybersecurity, HR, Legal, and Business Units to support ongoing GRC initiatives.
· Act as an operational liaison for governance and compliance-related communication.
· Prepare reports, presentations, and compliance summaries for review by leadership and auditors.
· Contribute to organization-wide awareness and communication programs.

5. Training & Awareness
· Assist in the design and delivery of Information Security training using designated learning platforms.
· Manage cybersecurity awareness campaigns (phishing, hygiene, policy updates, regulatory changes).
· Work with HR, Communications, and IT to ensure company-wide participation.
· Track training completion rates and document awareness effectiveness.