CIMET - Information Security Officer - SIEM (5-8 yrs)

We are looking for a highly skilled Information Security Officer (ISO) to lead and implement ISO 27001 compliance, cybersecurity strategies, and risk management within our organization. The ideal candidate will establish and maintain security policies, manage information security risks, and ensure compliance with regulatory standards like SOC2, GDPR, and NIST frameworks.

Key Responsibilities :

ISO 27001 Implementation & Compliance :

- Develop, implement, and maintain an Information Security Management System (ISMS) aligned with ISO 27001 standards.

- Conduct ISO 27001 gap analysis, risk assessments, and audits to ensure compliance.

- Define and enforce information security policies, procedures, and controls to safeguard data integrity, confidentiality, and availability.

- Drive ISO 27001 certification efforts, ensuring successful audits and continuous improvements.

- Lead security awareness training programs for employees to enhance the organization's security posture.

Cybersecurity Strategy & Risk Management :

- Develop and implement a cybersecurity strategy to protect against threats, vulnerabilities, and attacks.

- Conduct regular penetration testing, vulnerability assessments, and security audits to identify and mitigate risks.

- Implement Zero Trust architecture, access control mechanisms, and security best practices across IT infrastructure.

- Monitor threat intelligence, security incidents, and cyber threats, responding with effective mitigation strategies.

- Ensure security of cloud infrastructure (AWS, Azure, GCP) by enforcing IAM policies, encryption, and secure configurations.

- Establish and manage a Security Incident Response Plan (SIRP) for rapid threat detection and mitigation.

Regulatory Compliance & Governance :

- Ensure compliance with ISO 27001, SOC2, GDPR, NIST, PCI-DSS, and other industry security frameworks.

- Collaborate with internal teams to align security policies with business operations and regulatory requirements.

- Work with external auditors and security consultants to maintain compliance certifications and regulatory audits.

- Develop and maintain security metrics, dashboards, and reports for leadership and regulatory bodies.

Security Operations & Monitoring :

- Oversee SIEM (Security Information and Event Management) solutions for real-time threat detection.

- Implement and manage Intrusion Detection & Prevention Systems (IDS/IPS), firewalls, and endpoint security solutions.

- Develop and enforce incident response, disaster recovery, and business continuity plans.

- Ensure data protection, encryption, and secure backup strategies are in place for all critical systems.

Preferred Experience & Qualifications :

- 5+ years of experience in information security, cybersecurity, or compliance roles.

- Strong expertise in ISO 27001 implementation, auditing, and certification.

- Hands-on experience with security risk assessments, vulnerability management, and threat modeling.

- Deep understanding of cybersecurity frameworks (SOC2, NIST, CIS, GDPR, PCI-DSS).

- Experience with SIEM solutions (Splunk, ELK, QRadar, or similar) for security monitoring.

- Knowledge of firewalls, IDS/IPS, endpoint protection, and cloud security best practices.

- Strong understanding of IAM, network security, encryption, and access control policies.

- Certifications like CISM, CISSP, CISA, CEH, ISO 27001 Lead Auditor/Implementer are highly preferred.

- Strong problem-solving, communication, and stakeholder management skills.