Security Lead - Cyber Assurance & Audits

Company :

Mahindra & Mahindra Ltd Responsibilities & Key Deliverables We are seeking an experienced Security Lead –to lead our Cyber Assurance & Audits initiatives. The ideal candidate will be responsible for developing, implementing, and maintaining security policies, ensuring compliance, and managing risk across the group company. This role requires a strategic thinker with strong expertise in security frameworks, risk assessment, and compliance management. 1. Cyber Assurance - Develop, implement, and maintain

• information security policies, standards, and procedures
• in alignment with industry best practices (e.g., ISO , NIST, DPDPA). - Establish and oversee the
• security governance framework
• to ensure accountability and adherence to security policies. - Conduct
• security awareness training
• for employees and stakeholders. - Lead
• internal and external security audits
• , ensuring compliance with frameworks and contractual obligations. 2. Risk Management : - Perform
• enterprise-wide security risk assessments
• and identify vulnerabilities. - Develop and maintain a
• risk register
• , tracking mitigation strategies and remediation efforts. - Work with stakeholders to
• prioritize risks
• and recommend controls to reduce exposure. - Monitor emerging threats and ensure proactive risk mitigation strategies are in place. 3. Compliance & Regulatory Oversight : - Ensure compliance with
• data protection laws (GDPR, CCPA, HIPAA, etc.) and industry regulations. - Manage
• third-party vendor risk assessments
• and ensure security requirements are met. - Prepare and present
• compliance reports
• to senior management and auditors. - Stay updated on
• evolving cybersecurity laws
• and adjust policies accordingly. 4. Security Controls & Incident Response :
• Oversee the implementation of
• security controls
• to protect organizational assets. - Collaborate with IT and security teams to ensure
• effective incident response and remediation
• . - Conduct post-incident reviews
• and recommend improvements to prevent recurrence. Experience 7+ years in GRC, IT security, or risk management roles - Experience with
• regulatory compliance (GDPR, HIPAA, PCI-DSS, SOX, etc.)
• . Qualifications Bachelor’s or master’s degree in Cybersecurity, Information Technology, Risk Management, or related field. Certifications : CISSP, CISM, CRISC, CISA, ISO LI / LA, or equivalent referred Strong knowledge of
• security frameworks (ISO , NIST CSF, COBIT, etc.)
• Skills - Excellent
• analytical, communication, and leadership
• skills. - Ability to
• translate technical risks into business terms
• for stakeholders. - Proficiency in
• GRC tools (e.g., RSA Archer, MetricStream, One Trust)
• is a plus.