Associate Vice President (Information Security Officer), Mumbai
Mumbai, India
Last edited: less than a week ago
Description
POSITION OVERVIEW

The Information Security Officer (ISO) is responsible for strengthening the organization's information security posture by leading Information Security Management System implementation & management, Vendor Risk Management, risk assessments, cyber resilience initiatives, and audit management. The role ensures robust governance, compliance with regulatory and contractual requirements, protection against data leakage, and effective security awareness across the organization. The ISO acts as a key advisor to business and technology stakeholders on information security risks and controls.

ROLE AND RESPONSIBILITIES

Information Security Governance & Risk Management
• Lead enterprise and project-level Information Security Risk Assessments, including identification, analysis, treatment, and reporting of security risks.
• Support project governance by embedding security risk management practices across technology and business initiatives.
• Identify, assess, and track project-related security risks, ensuring timely mitigation and risk acceptance where applicable.

Vendor Risk Management
• Own and operate the Vendor Risk Management (VRM) framework, including due diligence, onboarding assessments, periodic reviews, and exit assessments from an Information Security perspective.
• Perform security risk assessments of third-party vendors covering data protection, access controls, resilience, and regulatory compliance.
• Collaborate with Procurement, Legal, and Business teams to ensure security requirements are embedded into vendor contracts and SLAs.

ISO 27001 Implementation & Management
• Lead the ISO/IEC 27001 Information Security Management System (ISMS) implementation, operation, and continual improvement.
• Maintain ISMS documentation including policies, standards, procedures, risk registers, and control evidence.
• Coordinate internal audits, Management Reviews, corrective actions, and surveillance/certification audits.

Cyber Resilience
• Support and enhance Cyber Resilience programs including incident response, disaster recovery, and business continuity from an information security perspective.
• Participate in cyber incident simulations, tabletop exercises, and post-incident reviews to improve organizational readiness.

Logical Access Management (LAM) & Data Protection
• Review and validate role definitions and access controls defined by the Logical Access Management (LAM) team to ensure least privilege and segregation of duties.
• Oversee Data Leakage Management controls including monitoring, policy enforcement, and incident handling relating to data loss or exposure.

Security Awareness & Training
• Design and drive Information Security Awareness and Training programs for employees, contractors, and relevant third parties.
• Promote a strong security culture through campaigns, phishing simulations, and targeted training initiatives.

Audit & Compliance Management
• Act as the primary point of contact for internal and external audits related to information security.
• Coordinate audit responses, track observations, and ensure timely closure of audit findings.
• Support regulatory, customer, and contractual security compliance assessments.

EDUCATION & EXPERIENCE REQUIREMENTS
• Bachelor's and/or master's degree in Information Technology, Computer Science, Cybersecurity, or a related field.
• 8-10 years of experience in Information Security, Risk Management, GRC, or related roles.
• Hands-on experience with ISO/IEC 27001 ISMS implementation and audits.
• Strong experience in vendor/third-party risk management, audits, and security risk assessments.

Certifications (preferred):
• ISO/IEC 27001 Lead Implementer / Lead Auditor
• CISM, CISSP, CRISC, or equivalent security certifications

PREFERRED SKILLS
• Strong understanding of information security frameworks and standards (ISO 27001, NIST, COBIT).
• Experience in cybersecurity risk, compliance management, and cyber resilience practices.
• Ability to communicate security risks effectively to technical and non-technical stakeholders.
• Strong documentation, analytical, and stakeholder management skills.
• High attention to detail with the ability to manage multiple initiatives simultaneousl
Highlights
Company name: TATA AIG General Insurance Company Limited
Job position: Associate Vice President (Information Security Officer)
More info about this ad
Associate Vice President (Information Security Officer) has been posted in the Dhārāvi Government & Public Service category on Locanto.