Key Responsibilities: Design and lead the implementation of the Information Security Management System (ISMS) based on ISO27001 and related frameworks. Oversee and continuously improve Vulnerability Management (VM) and remediation efforts. Manage Security Operations Center (SOC) activities, including threat monitoring, incident response, and log analysis. Coordinate and lead audit compliance efforts, including SOC2, PCI DSS, ISO27001, SOX, GDPR, HIPAA, and ISO9001. Conduct vendor risk assessments and support third-party risk management initiatives. Define and monitor security KPIs and metrics, and report security posture to senior leadership. Develop and enforce security policies, procedures, and standards. Support application and infrastructure security through proactive collaboration with DevOps and Engineering teams. Serve as a key advisor during client security reviews and due diligence processes. Drive security awareness and training programs for employees.

 

Ideal Candidate: Bachelor's or Master’s degree in Information Security, Computer Science, or a related field. 7–8 years of hands-on experience in Information Security and risk management roles. Strong understanding of security principles, frameworks, and compliance standards (ISO27001, SOC2, etc.). Experience with SIEM, EDR, vulnerability scanners, and threat intelligence platforms. Demonstrated experience handling security incidents, root cause analysis, and mitigation. Excellent knowledge of cloud security (AWS, Azure, or GCP) and modern DevSecOps practices. Familiarity with data protection regulations like GDPR and HIPAA. Exceptional communication, leadership, and stakeholder management skills. Industry certifications such as CISSP, CISM, and ISO27001 Lead Implementer/Auditor are highly desirable.

 

Preferred Qualifications: Prior experience leading SOC teams or managing external vendors. Knowledge of secure SDLC and application security testing (SAST/DAST). Background in implementing and auditing vendor risk management frameworks. Experience working in high-growth SaaS environments.