Taggd
Website: taggd.in
Job details:
Role Purpose
The ISMS Technical Team Member will be an integral part of the Information Security Governance function, responsible for managing the Information Security Management System (ISMS) across the organisation and group entities. The role involves reviewing and strengthening the information security posture through deployment of People, Process & Technology, providing assurance to Senior Management and Board-level Committees on the management of Information and Cyber Security risks.
3. Key Roles & Responsibilities
A. Cybersecurity Risk Assessment & Monitoring
- Conduct regular risk assessments to identify key IT and Cybersecurity risk areas and ensure actions are taken to mitigate the identified risks.
- Review emerging risk areas intersecting with IT, cybersecurity, and technologies — including Cloud, Artificial Intelligence, Vehicle Security (IEC 62443), Social Media, and OT Security.
- Design and implement data-driven processes and solutions for continuous monitoring of Cyber risks across IT, OT & Vehicle.
- Ensure that business and IT risks/opportunities (including cost-saving and business opportunities) are promptly and accurately identified and communicated to stakeholders.
B. ISMS Governance & Documentation
- Support in developing, maintaining, and continuously improving ISMS-related Technical Documents, Checklists, Policies, SOPs, and Procedures in alignment with ISO 27001, NIST CSF 2.0, and IEC 62443 standards.
- Conduct ISMS internal audits and drive ISMS-related activities across all Ashok Leyland locations (plants, offices, and group entities).
- Support preparation for external surveillance and certification audits (e.g., TÜV SÜD ISO 27001 audits).
C. Technical Security Reviews
- Perform periodic reviews of Security Tool Configurations including E-Mail Security, Wi-Fi, Perimeter Security, Physical Security, DC/DR Environment, Application and Network.
- Review Access Rights for executives and third parties across Active Directory, Email, and Critical Applications.
- Evaluate technical solutions for cyber/information security including Firewalls, EDR/XDR/MDR, SIEM, Zero Trust solutions, IAM solutions, and other security architecture areas.
D. Incident Management & Vulnerability Management
- Review Incident Management processes, identify root causes, and develop remediation plans.
- Identify vulnerabilities, control weaknesses, and non-compliance issues through interviews, document reviews, testing procedures, and other established methodologies.
- Support Vulnerability Assessment & Penetration Testing (VAPT) coordination and remediation tracking.
E. Stakeholder Collaboration & Reporting
- Collaborate with cross-functional stakeholders to remediate identified risks.
- Review and update ISMS audit methodologies and tools based on emerging threats, best practices, and organizational changes.
- Contribute to Board-level / Audit Committee reporting on information and cybersecurity risk posture.
- Support initiatives related to Cyber Maturity Score enhancement.
5. Qualification Requirements
A. Education
| Criteria | Requirement |
| --- | --- |
| Essential | B.E. / B.Tech in Computer Science, Information Technology, Electronics, or related discipline OR MCA / M.Sc. (IT/CS) |
| Preferred | MBA / Post-graduate diploma in Information Security or Cybersecurity |
B. Certifications (at least one mandatory; additional preferred)
| Priority | Certification |
| --- | --- |
| Highly Preferred (At least two) | CISA (Certified Information Systems Auditor), CISSP, CISM, CEH, CompTIA Security+, CRISC |
C. Experience
| Criteria | Requirement |
| --- | --- |
| Total Experience | 2-4 years in Information Security / Cybersecurity / IT Audit |
| Relevant Experience | Minimum 2 years in IS Technical domain |
| Industry Preference | Manufacturing, Automotive, or large-scale enterprise environments |
| Domain Exposure | Experience with/handling risks, vulnerability management, privacy, and other Cyber/Information security system reviews |
D. Technical Skills & Knowledge (Preferable)
| Area | Expected Competency |
| --- | --- |
| ISMS Frameworks | ISO 27001, NIST CSF 2.0, IEC 62443, COBIT |
| Security Tools | Firewalls, EDR/XDR/MDR, SIEM (e.g., Splunk, QRadar), Zero Trust Architecture, IAM solutions |
| Risk & Compliance | Cyber/Information Security Governance, Risk Management & Compliance (GRC) tools |
| Infrastructure | Active Directory, Network Architecture, DC/DR environments, Cloud Security (AWS/Azure) |
| Assessment | VAPT coordination, Threat modelling, Security configuration reviews |
| Data Analytics | Ability to leverage data-driven approaches for continuous monitoring of IT & Cyber risks |
| Emerging Tech | Awareness of AI/ML security implications, Vehicle Cybersecurity, OT/ICS Security |
E. Soft Skills & Competencies
- Analytical Thinking — Ability to assess complex security scenarios and provide actionable insights.
- Communication — Strong written and verbal communication skills for stakeholder engagement and board-level reporting.
- Collaboration — Proven ability to work across functions in a matrixed environment.
- Self-driven & Detail-oriented — Ability to independently manage audit schedules, compliance timelines, and risk registers.
- Continuous Learning — Willingness to stay updated on evolving threat landscape, regulatory requirements, and industry best practices.