
Senior Information Security Analyst-(Risk and Regulatory Tech Compliance)

KreditBee · Karnataka, Bengaluru, India
// classified as
Other (Adjacent or hard to classify.)
posted
1d ago
location
Karnataka, Bengaluru, India
languages
—
tools
aws
> stack
aws
> description
<p><strong>Roles and Responsibilities:</strong></p>
<ul type="disc">
<li>Ensure compliance with regulatory requirements for information and cyber security - RBI, UIDAI, CIC, etc.</li>
<li>Identify and develop the InfoSec Policy, Processes, and Procedures to incorporate the industry benchmarks / best practices and the latest trends.</li>
<li>Identify, track, monitor &amp; ensure compliance with InfoSec Policy, Regulatory, Legal &amp; Audit requirements.</li>
<li>Develop &amp; manage InfoSec training &amp; awareness.</li>
<li>Work with respective stakeholders to ensure that the Policy/Procedures, regulatory, legal &amp; audit requirements for information and cyber security are understood and implemented on a continual basis.</li>
<li>Monitor &amp; track compliance with all relevant processes/practices to ensure that they are followed as desired.</li>
<li>Liaise with internal and external security audits and assessments – VAPT, GDPR/ISO 27001 compliance.</li>
<li>Establish continual improvement processes to mitigate identified gaps &amp; improve overall maturity to provide adequate assurance.</li>
<li>Establish security metrics based on agreed KGIs/KPIs to monitor &amp; track compliance.</li>
<li>Escalate deviations and violations on time.</li>
<li>Remain updated with the latest security trends and related regulatory &amp; legal requirements.</li>
<li>Maintain the required security posture for cloud security, primarily AWS &amp; GCP.</li>
<li>Maintain &amp; improve code security &amp; DevopsSec practices.</li>
<li>Maintain &amp; improve endpoint security by bringing in DLP and data classification practices.</li>
<li>Review and improve email, apps &amp; network security.</li>
<li>Run periodic phishing campaigns.</li>
<li>Respond to third-party risk assessment questionnaires.</li>
<li>Perform independent internal audit and assessment in line with regulatory requirements - RBI, UIDAI, CIC, V-CIP, DLG, etc.</li>
</ul>
<p><strong>Key Skills and Qualifications</strong></p>
<ul type="disc">
<li>Bachelor of Engineering/Computer Science or equivalent from a recognized University.</li>
<li>The ability to interact efficiently with peers and customers is required.</li>
<li>4-6 years of relevant experience in establishing &amp; managing InfoSec Governance and compliance.</li>
<li>Should have sound knowledge &amp; experience in developing Enterprise Frameworks, Policies, and Processes by adopting Industry Best Practices and standards like ISO27001, and Regulatory Guidelines.</li>
<li>Should have strong analytical and communication skills.</li>
<li>Should have sound knowledge, experience &amp; understanding of Compliance Management.</li>
<li>Should have the ability to develop, effectively measure, and present dashboards/reports with or without GRC tools.</li>
<li>Should have experience in developing InfoSec awareness programs and delivering InfoSec awareness sessions.</li>
<li>An individual with 2-3 years of IT experience in Cloud Security would be preferred.</li>
<li>Candidates with professional security certificates like CISA, CISM, and ISO27001 Lead Auditor would be preferred.</li>
<li>A good understanding of cloud security, AWS, and GCP is a must-have.</li>
<li>A good understanding of the Data Privacy Framework - GDPR, India Data Privacy Act, etc.</li>
</ul>
<div>Disclaimer:<br>This job description is intended to outline the general nature and key responsibilities of the position. It is not intended to be an exhaustive list of all duties, responsibilities, or qualifications associated with the role. The responsibilities and qualifications described may be subject to change, and other duties may be assigned as needed. Employment is at-will, meaning the employee or the employer may terminate the employment relationship at any time, with or without cause, and with or without notice.<br><br>Data Utilization Disclaimer:<br>By applying for this position, you acknowledge and agree that any personal data you provide may be used for recruitment and employment purposes. The data collected will be stored and processed in accordance with our privacy policy and applicable data protection laws. Your information will only be shared with relevant internal stakeholders and will not be disclosed to third parties without your consent, unless required by law.</div>