Information Security Engineer - CISSP/CISM/CISA

Job Description - Develop and finalize policies, procedures, and guidelines related to IT and Infosec domains in alignment with industry best practices (ISO 27001 , GDPR and SOC 2) - Align internal IT and Infosec processes as per ISO 27001 and SOC 2 standards and security guidelines - Assist in defining and reviewing the key metrics for management reporting - Develop of cyber security standards, including incorporating industry practices and applicable compliance requirements - Maintain the the security risk register and related policies - Maintain the inventory of IT vendors as per regulatory guidelines. - Develop review checklists, questionnaire, and manage evidences to assist the IT vendor risk management process - Perform 3rd party security due-diligence reviews and periodic vendor risk assessments to assess vendor compliance. - Coordinate with external stakeholders and auditors for IT and Infosec related reviews - Coordinate for conducting periodic penetration testing exercises on in-scope applications and related infrastructure. Coordinate with stakeholders for timely closure of open risks. - Assist in imparting security awareness training and executing phishing simulation exercises to employees. - Assist IT and Infosec in gathering the metrics data and prepare management dashboards - Lead the periodic IT and Infosec governance review meetings and gather feedback for improvement - Assess the existing IT and Infosec processes and provide recommendations to improve - Identify opportunities for IT and Infosec governance automation and lead the continuous compliance initiatives - Support cross-entity teams/group entities to mirror the best practices implemented at the parent entity - Develop templates for incident reporting and manage artifacts. Assist during incident investigation and collaborating with stakeholders. - Audit Coordination: - Coordinate and facilitate SOC 2 audits, acting as the primary point of contact for the external auditor. - Gather evidence and documentation to demonstrate compliance with SOC 2 requirements. - Address any audit findings and implement corrective actions. Key Areas: SOC 2 Type 1 and Type 2, ISO 27001, GDPR ,security governance, vendor security due-diligence, vendor security reviews and assessment, preparation of security checklist, security awareness/phishing simulation, management dashboards, manage key metrics for IT and Infosec, Certifications: good to have - CISSP, CISM, ISO 27001, or CISA (Knowledge and experience in SOC 2 is mandatory) Experience : - Should have 5 - 7 years of experience in information security domain and minimum should have 4 of years in overall IT and Infosec governance related activities. - Must have sound knowledge in defining processes, developing policies, procedures, and guidelines, and preparing management reporting dashboards. - Must have experience in guiding teams with respect to SOC 2 requirements - Developing and implementing enterprise governance, risk, and compliance strategy and solutions - Ability to document and explain details in a concise & understandable manner - Industry recognized certificates relevant to the roles such as SOC 2, ISO 27001 are desired - Ability to lead complex, cross-functional projects, and problem-solving initiatives. - Passionate about IT/information security and update knowledge on daily basis to support the organization - Candidates must have excellent verbal and written communication skills - Familiarity with industry standards and regulations including PCI, ISO27001, SOC 2, GDPR, CIS, NIST is desired. - Candidates from BFSI experience will be preferred - Fair understanding of public cloud models (e.g. AWS, Google, Microsoft Azure) and their security implications Skills : - Candidate should be a good team player - Should have good interpersonal skills - Good written communication skills including ability to develop process documentation and security guidelines. - Ability to apply critical thinking and logic to a wide range of intellectual and practical problems - Ability to maintain composure under pressure and work calmly during an emergency - Ability to manage multiple tasks and schedules (ref:hirist.tech)

Location: bangalore, IN

Posted Date: 10/9/2024