Information Security Compliance Officer

Lalitpur, Nepal

TechKraft Inc.

TechKraft is a global IT services and consulting company, unlocking opportunities for clients worldwide to outsource operations in strategic regions of the world.

Techkraft Inc. Pvt. Ltd. is seeking a detail-oriented and experienced Information Security Compliance Officer (ISCO) with a strong background in compliance and risk management. The ideal candidate will have at least 3 years of hands-on experience in information security compliance, including a solid understanding of ISO 27001:2022. The role involves overseeing the organization’s ISMS, conducting risk assessments, recommending treatment plans, and collaborating across departments to ensure continued compliance and security posture improvement.

Key Responsibilities:
  • Maintain and enhance the Information Security Management System (ISMS) in accordance with ISO 27001:2022 standards, driving continuous improvement through regular reviews and updates.
  • Conduct regular risk assessments, document findings, and develop and implement risk treatment plans to mitigate identified risks.
  • Lead internal ISMS audits, support external audits for certifications and client assessments, and ensure timely resolution of audit findings.
  • Collaborate with department heads and senior management to ensure security controls and compliance measures are understood, implemented, and aligned with organizational objectives.
  • Monitor and report on ISMS metrics and compliance status.
  • Develop, update, and review information security policies, procedures, and documentation to ensure alignment with standards and regulations.
  • Design and deliver comprehensive security awareness programs, including role-specific training and phishing simulations, and measure their effectiveness to foster a security-aware culture.
  • Oversee and coordinate responses to information security incidents, including root cause analysis, corrective actions, and compliance with regulatory and contractual reporting obligations.
  • Stay informed of changes in information security and privacy regulations, standards, and emerging threats, and recommend updates to the ISMS to address them.
  • Act as a point of contact for regulators, clients, and auditors regarding information security compliance, and present ISMS performance to senior management and the board.

Qualifications:
  • Bachelor's degree in Information Security, Computer Science, or a related field.
  • Minimum 3 years of experience in information security compliance or ISMS-related roles.
  • Strong understanding of ISO 27001:2022 requirements.
  • ISO 27001 Lead Implementer or Lead Auditor certification is highly preferred.
  • Experience in risk assessment, mitigation planning, and compliance reporting.
  • Excellent communication and collaboration skills.
  • Strong analytical and problem-solving abilities.
  • Ability to work independently and manage multiple priorities.


Category: Compliance Jobs

Tags: Audits Compliance Computer Science ISMS ISO 27001 Privacy Risk assessment Risk management

Region: Asia/Pacific
Country: Nepal
