Information Security Officer (ISO)

Job Description

What you'll do We are seeking a highly skilled and motivated Information Security Executive to join our team. The ideal candidate will have in-depth knowledge of ISO 27001, ISO 27701, ISO 27002, ISO 27005, GDPR 2016, and DPDP Act 2023. This role involves preparing and maintaining security policies, processes, and procedures, conducting internal audits, and leading monthly review meetings to ensure our organization remains compliant and secure. - Key Responsibilities Develop and Maintain Security Policies and Procedures: Create, update, and enforce information security policies, processes, and procedures in line with ISO 27001, ISO 27701, ISO 27002, and ISO 27005 standards. Ensure compliance with GDPR 2016 and DPDP Act 2023 regulations. Communicate and train staff on security policies and procedures. - Internal Audits: Plan, conduct, and document internal audits to ensure compliance with established security standards and regulations. Identify and address vulnerabilities and non-compliance issues. Work with relevant departments to implement corrective actions and continuous improvements. - Monthly Review Meetings: Organize and lead monthly security review meetings. Present audit findings, security incidents, and risk assessments to senior management. Monitor and report on the effectiveness of the security measures implemented. - Compliance and Governance: Ensure ongoing compliance with relevant data protection laws and regulations. Stay updated on changes in legislation and standards affecting information security. Liaise with regulatory bodies as needed. Qualifications Bachelor's degree in Information Security, Computer Science, or a related field. Professional certifications will be an added advantage. Proven experience in information security management, particularly in ISO 27001, ISO 27701, ISO 27002, and ISO 27005. Strong understanding of GDPR 2016 and DPDP Act 2023. Excellent communication and interpersonal skills. Strong analytical and problem-solving abilities. Ability to work independently and as part of a team. Skills and Competencies Technical Expertise: Deep knowledge of information security principles, standards, and frameworks. Policy Development: Proficiency in developing and implementing security policies, processes, and procedures. Audit and Compliance: Experience conducting internal audits and ensuring compliance with security standards and regulations. Risk Management: Ability to conduct risk assessments and develop risk mitigation strategies. Communication: Strong ability to communicate complex security concepts to non-technical stakeholders.