Information Security Compliance Analyst

Position: Information Security Compliance Analyst

Work Location: Mumbai

Key Focus area: Information Security Compliance

Key Responsibilities:

Identify, measure & report security compliance performance against organizational internal and external security compliance requirements

Conduct cyber security internal process and technical assessments and audits periodically against different policies and standards. Track and drive closure of findings. Publish regular compliance status dashboards for management review

Provide support in managing the companys compliance and certification programs like ISMS, SOC, PCI-DSS and annual assessments

Conduct cyber security audits, risk assessments on subsidies/suppliers/third parties to ensure that security and compliance controls are implemented as per company policy and contractual requirements and effectiveness is measured, reported and governed

Support annual audit activity carried out by groups corporate internal audit teams to maintain group corporate reporting requirements on controls relevant to security, availability, processing integrity, and confidentiality.

Frontend external audits conducted by regulatory bodies & customers by working closely with internal teams for preparation and driving the remediation activities.

Improve methods of capturing and presenting status of key compliance requirements in order to provide leadership with clear, concise data to enable appropriate decision making.

Plan and orchestrate compliance review meetings with stake holders at various levels to drive continuous improvement.

Report and prepare presentations on the levels of security compliance risk and control effectiveness to key stakeholders and senior management.

• Monitor the ongoing status of compliance remediation activities for identified risks and internal and external audit/compliance requirements.

Qualification:

B.E./B.Tech in Computer Science or Information Technology

Possession of standard certifications in Information Security or Compliance e.g. CISSP, CISA, CISM, CRISC, GIAC, PCIP, ISA will be preferred

Work experience:

07-10 Years (Combined with 5+ years of related latest experience in IT Security, Governance, Risk, Compliance Audits)

Competencies /Expertise Required (Functional & Behavioral)

• Significant knowledge and experience in Cyber Security domain, ITGC control evaluation, Policies and standards, Regulatory compliance, in-depth understanding of Industry standards and frameworks such as ISO 27001, PCI DSS, COBIT, NIST, ISO 31000.
• Strong security auditing experience
• Expertise in performing IT risk, business impact, control, and vulnerability assessments.
• Good understanding of IT technologies, business applications, including ERP and financial systems. .
• Experience in supporting security controls, compliance, and audit activity within a large provider organization
• Technical knowledge of security architecture of network and data center infrastructure, database, and the associated applications and concepts.
• Demonstrated ability to apply IT-related knowledge and experience in solving compliance issues
• Strong project management and communication skills (written and oral)
• Advanced written and verbal communication and presentation skills
• Excellent managerial, people management, teamwork, and client service skills