Bestkaam Logo
Back to Jobs
Jeavio

Information Security Manager

Actively Reviewing

Jeavio

Vadodara Full-Time 4–8 yrs exp Posted 9 hours ago  · Apply by Sep 14, 2026

Jeavio is a technology services company that specializes in providing innovative solutions to businesses. We work at the intersection of technology and business, helping organizations leverage cutting-edge tools, including AI, to drive growth and efficiency


The Information Security Manager will be the primary custodian of the organization’s Information Security Management System (ISMS) and will act as the de facto Data Protection Officer (DPO). Reporting directly to the Head of Information Security, this is a highly visible, hands-on role. The ideal candidate will bridge the gap between our engineering adherence and our clients’ strict compliance expectations (HIPAA, HITRUST, SOC 2, GDPR etc). This individual will personally own the end-to-end security compliance posture, external audits, and client vulnerability/security questionnaires.


Key Responsibilities

1. ISMS Documentation & Document Control

  • Own the Statement of Applicability (SoA) — control selection, applicability, and justifications for all Annex A controls.
  • Version-control all ISMS policies, procedures, and standards; ensure timely review, approval, and accessibility.
  • Maintain the ISMS evidence library and records in support of surveillance and recertification audits.


2. Risk Management & Treatment

  • Own the risk assessment and treatment process; facilitate periodic assessments with Asset Owners.
  • Maintain the risk register and track treatment plans to completion; report residual risk to the Head of Information Security.
  • Support business impact analysis (BIA) and disaster recovery planning (DRP) from an ISMS perspective.


3. Audit Coordination & Management Review

  • Plan the annual internal audit programme; ensure auditor independence and track corrective actions to closure.
  • Serve as primary liaison for Stage 1, Stage 2, and surveillance audits with the external certification body.
  • Prepare and coordinate the ISO 27001 management review — inputs, facilitation, and recorded outputs.


4. Security Awareness & Training

  • Design and deliver the annual security awareness programme for all staff, contractors, and third parties.
  • Develop role-specific content for developers and privileged users; coordinate phishing simulations.
  • Maintain training completion records as ISMS evidence.


5. Compliance Monitoring & Reporting

  • Monitor ISMS KPIs and control effectiveness; report to the Head of Information Security and senior leadership.
  • Lead ISO/IEC 27001 compliance and support alignment with NIST CSF, SOC 2, GDPR, and other applicable frameworks.
  • Manage third-party vendor security assessments and supply chain security obligations

6. Continual Improvement

  • Log, analyse, and convert non-conformities, incidents, and audit findings into corrective actions; track to closure.
  • Report improvement trends at management reviews; periodically update ISMS scope, context, and objectives.


7. Stakeholder Management

  • Collaborate with IT, HR, Finance, and Engineering on information security matters.
  • Prepare security programme updates and risk summaries for the Head of Information Security and senior leadership.
  • Manage relationships with external auditors, security vendors, and consultants.


Security & Compliance Responsibilities

As part of our commitment to ISO 27001 certification, the candidate must:

  • Secure Data Handling: Ensure secure data handling practices, including robust encryption at rest and in transit, and strictly managed access controls.
  • Leakage Prevention: Design and build secure data pipelines specifically engineered to prevent data leakage.
  • Policy Adherence: Strictly follow all data privacy, governance, and organizational ISO 27001 policies.
  • Risk Management: Continuously monitor, log, and manage potential security risks within all data systems.
  • Audit Readiness: Support audit readiness initiatives and uphold rigorous data protection standards.


Required Qualifications

  • 5–8 years in information security with a significant focus on governance, risk, and compliance (GRC).
  • Hands-on experience implementing, maintaining, or auditing an ISO/IEC 27001 ISMS.
  • Experience coordinating internal/external audits and managing corrective action programmes.
  • Hands on experience working with 3rd party security assessments and questionnaires
  • Strong grasp of document control, risk methodology, and the PDCA cycle.
  • Working familiarity with network, cloud, and application security sufficient to govern controls.
  • Clear written and verbal communication for both technical and non-technical audiences.


Preferred Qualifications

  • Hands on experience working with GDPR, HIPAA, HITRUST and/or SOC2 frameworks
  • ISO/IEC 27001 Lead Implementer or Lead Auditor Certification
  • CISM/CISSP/CCSP Certification