Evaluate and Enhance Security Infrastructure: Assess and document information security policies, processes, and technical controls.
Develop, implement, and maintain policies, procedures, and standards based on industry best practices (e.g., ISO 27001, NIST, PCI DSS).
Modify existing documentation to align with industry standards, best practices, and regulatory requirements (e.g., RBI, IT Act).
Risk Assessment and Management: Conduct security risk assessments of information systems, infrastructure, and applications. Perform technology-based gap risk assessments and third-party risk assessments. Identify, document, and maintain an information security risk register.
Compliance and Enforcement: Ensure rigorous enforcement of security policies and standards. Perform compliance checks for user access management and security hardening standards. Prepare compliance reports and remediation plans based on periodic reviews.
Vendor Due Diligence and Third-Party Risk Management: Conduct vendor due diligence assessments to identify security weaknesses and gaps. Provide oversight and facilitate continuous improvement of third-party risk management programs and processes.
Security Awareness and Training: Conduct security training sessions and presentations for company personnel. Drive security awareness initiatives and regular training on security policies and requirements.
Data Loss Prevention and Compliance Monitoring: Monitor and maintain compliance of Data Loss Prevention (DLP) and Cloud Access Security Broker (CASB) solutions. Perform compliance checks during the Software Development Life Cycle (SDLC) and ensure adherence to access control and data sanitization standards.
Audit Representation and Security Control Automation: Participate in internal and external audits, providing representation of the company's security posture. Influence security control automation efforts to enhance security and compliance scalability.
Qualifications
2 to 5 years of technical experience in the Information Security area with specialization in Governance, Risk, and Compliance (GRC) domains.
A Bachelor's degree in Information Technology or a related discipline, or equivalent work experience.
Exceptional written and interpersonal communication skills.
Proficiency in security policy management and a deep understanding of security standards and frameworks, such as ISO 27001, NIST, PCI DSS, ITIL, and COBIT.
Knowledge of security areas such as Auditing, Policy, Database Security, Firewall Design and Implementation, Risk Analysis, Identity Management, Vulnerability Management, Penetration Testing, Access/Entitlements Management, or Web Services is very desirable.
Strong knowledge of core security principles such as least privilege access, defense in depth, preventative vs. detective controls, network security, cloud security, application security, endpoint security, data protection, and incident response.
Possession of information security certifications, such as CISSP, CISM, CRISC, CEH, or ISO 27001, demonstrates expertise and will be an added benefit.
Flexibility to adjust to multiple demands, shifting priorities, ambiguity, and rapid change.
Remain vigilant while continuing to maintain and enhance the overall security of slice and the clients receiving our services.
Maintain awareness of the potential risks arising from the business requirements under which the company and its clients operate.