Information Security Engineer

Job Overview:

- The Information Security Officer is responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected.

- The Information Security Officer will work closely with senior management, IT, and other departments to identify, develop, implement, and maintain processes across the organization to reduce information and IT risks.

Key Responsibilities:

Leadership:

Develop, implement, and monitor a strategic, comprehensive enterprise information security and IT risk management program.

Provide leadership and guidance to the information security team and coordinate with other departments to ensure alignment with business objectives.

Risk Management:

Identify, assess, and prioritize information security risks, and oversee the development and implementation of security measures to mitigate these risks.

Ensure compliance with regulatory requirements and industry standards (e.g., GDPR, ISO 27001).

Policy Development:

Develop and maintain information security policies, procedures, and standards that reflect best practices and meet regulatory requirements.

Conduct regular reviews and updates of security policies and procedures.

Incident Response:

Lead the incident response team and manage the investigation and resolution of security breaches and incidents.

Develop and implement a robust incident response plan and conduct regular drills and training sessions.

Security Awareness:

Promote security awareness and education across the organization.

Conduct regular training sessions and workshops for employees to ensure understanding of security policies and best practices.

Provide training to developers on secure coding practices and security compliance requirements.

Collaborate with external stakeholders, including vendors, partners, and regulatory bodies, to enhance the organization's security posture.

Coordinate with CERT-In empaneled agencies to conduct regular Vulnerability Assessment and Penetration Testing (VAPT).

Secure Development:

Implement and promote secure coding standards across development teams.

Ensure that software development processes include security checks and compliance with best practices.

Reporting:

Provide regular updates to the executive team and board of directors on the status of the information security program and emerging risks.

Prepare and deliver reports and presentations on security metrics, incidents, and compliance.

Experience and Education:

• Bachelors degree in computer science, Information Technology, Cyber security, or a related field, master’s degree preferred.
• CISSP, CISA, CISM, GIAC, PPM, PMP, DISA or equivalent IT audits related qualification is preferred.
• 5 or more years of experience in IT audits preferred (with min 2-3 years in a team management role).
• Strong knowledge of IT security and infrastructure. Experience of working / auditing in agile product management environments.
• 3 to 5 years of Fintech or NBFC industry experience with good expertise of RBI and / or IRDAI guidelines on IT frameworks & sensitive data protection is preferred.
• Experience in conducting VAPT with CERT-In empaneled agencies.

Please share resume to ashika.j@credright.com