Cyber Security Expert- Independent Officer (Certifications - CISA/CISSP/CISM/ISO27001 LA), South Mumbai

Job Description:

POSITION Cybersecurity Officer

LOCATION Cuffe Parade, Churchgate, Mumbai

ESSENTIAL QUALIFICATIONS

 Bachelor's degree in Computer Science, Information Security, or related field.
 CISM certification is mandatory.
 Additional certifications such as CISSP, CRISC, or CISA are preferred.
 In-depth knowledge of cybersecurity principles, network security, risk management, and incident handling.
 Experience with GRC (Governance, Risk & Compliance) tools preferred.

CRITICAL EXPERIENCE

- Experience: 12+ years in information security including 2 years in a leadership/management role in preferably in Trading and Securities Industry 
- Experience in ISO 27001 and ISO 22301 certifications preferred.

JOB DESCRIPTION / RESPONSIBILITIES

We are seeking a highly skilled and experienced Cybersecurity Officer with a CISM certification to lead, develop, and implement our organization’s cybersecurity strategy. The role requires strategic thinking, risk management expertise, and the ability to oversee security governance and compliance in alignment with business goals.

Key Responsibilities:

Governance and Risk Management

 Develop and maintain cybersecurity policies, procedures, and standards.
 Ensure compliance with relevant laws, regulations (e.g., ISO 27001, SEBI, NSE Regulations), and internal policies.
 Conduct enterprise-wide risk assessments and recommend appropriate mitigation strategies.
 Manage cybersecurity frameworks and risk registers.

Security Program Leadership

 Lead and manage the organization's information security program.
 Develop and enforce security strategies aligned with business objectives.
 Coordinate and support internal and external audits, including SOC 2, ISO 

Incident Response & Monitoring

 Oversee security incident response planning and investigation.
 Lead efforts to detect, respond to, and recover from security breaches or threats.
 Collaborate with IT and SOC teams for real-time monitoring and threat intelligence.

Training and Awareness

 Develop and deliver security awareness training across the organization.

 Promote a security-first culture.

Vendor and Third-Party Risk

 Assess security controls of third-party vendors.
 Work with procurement and legal teams to ensure secure vendor management.

SKILLS AND TRAITS

 Strong knowledge of security standards and frameworks (NIST, ISO/IEC 27001, COBIT).
 Excellent communication and leadership skills.
 Ability to translate technical risks into business language.
 Strong problem-solving and analytical capabilities
 Knowledge of Vulnerability assessment/ penetration testing, compliance audits and verifications
 Good inter-personal and communication skills.