Location: Karnataka

Job Description:

  • Enhance the security, resilience, and reliability of IT Security, Risk Management, Regulatory & Compliance (ISO, RBI Guidelines, CERT-IN implementation, ISMS audits – internal & external, etc.), Network Security & Platform Defense, Security Operations, and Security Monitoring
  • Developing and implementing Enterprise Security Strategy Governance Frameworks, Standards, Policies
  • Experience in managing security audits, such as, ISO 27001, SOC 1, SOC2
  • In-depth knowledge of security controls, interpreting control requirements for SOC 2, ISO audits, reviewing control evidence for completeness and accuracy, and ensuring evidence provided to auditors satisfies control requirements
  • Develop GRC deliverables; execute Security Strategy, Frameworks, Policies, Assessments, Solutions, etc., and lead their implementation either onsite or remotely, depending on business requirements and preferred working practices
  • Continuously monitor adherence to the implemented security controls and perform optimization as necessary.
  • Review effectiveness of application security solutions, vulnerability remediation, and vulnerability management. Provide oversight to all security operation initiatives and Security controls assessments.
  • Perform security gap analysis and risk assessment for Platforms, Applications, Networks, Databases across all departments
  • Work closely with business and technology teams to help articulate and communicate the InfoSec governance programme, identify risks and threats, and evaluate and help implement controls and improvements
  • Analyze and assess impact to the data/infrastructure as a result of security incidents, examine available recovery tools and processes, and recommend solutions.
  • Project management experience in the areas of IT Risk, Compliance, and security operations. Ability to plan and manage multiple GRC and Security engagements.


Roles and Responsibilities:

  • Develop and review information security policies and principles that will ensure Data Security and Privacy, Confidentiality, Integrity & Availability and appropriate use of the company’s information assets
  • Implement and maintain ISO 27001 Framework and Information Security Management System (ISMS)
  • Ability to plan and lead meetings with internal team and clients
  • Prepare detailed and summary reports of assessments, and remediation plans as needed and advise internal stakeholders
  • Ensure any customer requirements are adequately addressed as part of InfoSec objectives.
  • Drive GRC objectives with department heads and ensure departments are aligned with GRC objectives
  • Conduct technology risk assessments across departments on a periodic basis to ensure compliance with standards and guidelines
  • Facilitate internal audits and support external audits to identify weaknesses in processes and controls and implement corrective action plans
  • Review threat assessment landscape and security issues using tools/technology/frameworks like DLP, WAF, CICD, Firewall, IPS/IDS tuning, IAM & PAM, DRM, NAC, SIEM & DNS, ITSM and CMDB to enhance security operations and to remediate network security risks.
  • Ensure accurate and timely reporting to regulatory authorities, stakeholders, and senior management on risk and compliance related matters
  • Conduct knowledge sharing sessions for the Cyber Security team as well as the extended teams within the organization.
  • Develop and implement plans for review of data breaches, ensuring that incident management is effectively addressed


Qualification and experience:

  • Graduate/Post Graduate degree in Information Management and Security, Computer Science
  • Proven experience as a Security Manager or in a similar role.
  • 10+ years of experience in managing data security practices and technologies
  • Understanding and experience with ISO 27001, PCI DSS, SOC2 & CSA STAR
  • Experience or understanding of governance, risk and compliance (GRC) processes and solutions.
  • Experience in information security and auditing.
  • Experience in RBI, CERT-IN and other regulatory guidelines
  • Desired certifications CISA, CISM, ISO 27001
  • Strong Communication skills