Information Security Manager

Position Summary

The Information Security Lead will lead the enterprise security compliance agenda, ensuring full alignment with evolving regulatory frameworks such as ISO 27001, DPDP Act, CERT-IN, ITGC, and ISO / IEC 42001 (AI Governance) . This role is crucial in maintaining client trust, operational resilience, audit readiness, and risk posture across all firm systems, platforms, and third-party integrations.

Key Responsibilities

• Implement ISO 27001 in all offices.
• Lead and maintain ISO 27001 certification , including ISMS policy enforcement, risk treatment plans, SoA, internal audits, and management reviews.
• Implement and monitor compliance with :
• DPDP Act (India)
• CERT-IN Guidelines (incident response, remote access, logging, reporting)
• ITGC Controls (as part of statutory and internal audits)
• ISO / IEC 42001 – AI Governance framework and AI risk registers
• Build and maintain a firm-wide risk register for cyber, privacy, and technology controls.
• Define and review Information Security Policies, Data Classification, Encryption Standards, Third-party Risk , etc.
• Partner with Legal, Risk, and IT teams to map risk ownership and corrective action workflows.
• Own and manage all client security assessments, and due diligence questionnaires .
• Maintain a structured repository of pre-approved responses, certificates, and audit summaries.
• Engage with clients’ cybersecurity teams and support InfoSec audits or certifications demanded during onboarding or renewals.
• Lead GRC and access controls review across all IT systems and applications.
• Lead cyber insurance renewals , manage exposure data, and maintain claim readiness documentation.
• Define and test the incident response plan and conduct periodic tabletop exercises with senior leadership and external advisors.
• Lead BCP for the firm, and ensure it’s regularly tested.
• Ensure alignment with business continuity and disaster recovery strategies.
• Define quarterly and annual Vulnerability Assessment & Penetration Testing (VAPT) plan with top-tier CERT-IN certified vendors.
• Oversee closure of vulnerabilities and tracking of all red / amber findings.
• Coordinate with IT Infrastructure and App teams for secure configuration baselines (servers, endpoints, cloud).
• Track global trends and legal obligations in :
• AI & Data Ethics (align to ISO / IEC 42001)
• Cloud Security (including contractual obligations with SaaS providers)
• Encryption & Logging requirements under CERT-IN
• Draft internal advisories and update control frameworks accordingly.
• Lead the firm’s cybersecurity awareness and phishing simulation program .
• Conduct annual ISMS awareness campaigns and mandatory user certification programs.
• Build a security-conscious culture by regularly engaging with Practice Heads, Partners, and Business Services.

Key Deliverables

Certifications Required

Education

Leadership & Behavioral Competencies