Pune, MH, India
KEY RESPONSIBILITIES
Develop, maintain, and communicate the Information Security Policy suite across the portfolio
Build and manage technology risk registers for each portfolio company
Conduct annual vendor risk assessments and enforce security clauses
Lead data classification program rollout across all portfolio entities
Coordinate ISO 27001 and SOC 2 compliance efforts where applicable
Track policy exception requests, risk acceptances, and control deficiencies
Facilitate governance forums and prepare board/exec-level risk reporting
Manage security awareness training programs and phishing simulation schedules
Perform internal control assessments and maturity re-evaluations annually
REQUIREMENTS & SKILLS
Bachelor's in Information Systems, Law, or Risk Management
5+ years in GRC, audit, or InfoSec compliance roles
Strong knowledge of ISO 27001, NIST CSF, SOC 2, GDPR frameworks
Experience with GRC tools (ServiceNow, Archer, Vanta, Drata, OneTrust)
Excellent documentation and policy writing skills
Ability to translate technical risks into business language for executives
Certifications preferred: CISM, CISA, CRISC, ISO 27001 Lead Implementer
Experience in multi-entity or portfolio-level governance environments
Strong stakeholder management and cross-functional communication skills
Bachelor's degree