Information Security Lead - Risk & Compliance (4-7 yrs)

Job Description :

We are looking for a lead in the Infosec, Risk, and Compliance team to lead the development, implementation, and maintenance of Infosec across various functions of the organization, as well as handle info-sec audits.

Responsibilities :

- Be an SME for all applicable regulations, guidelines, and industry best practices to manage InfoSec, Risk, and Compliance in the organization.

- Be the single point of contact for all external entities related to Security and Compliance, as well as respond to third-party risk assessment questionnaires.

- Owner of all InfoSec documentation such as policies, standards, and procedures.

- To identify, track, monitor, and ensure compliance with InfoSec Policy, Regulatory, Legal, and Audit requirements.

- Perform Independent Internal Audit and assessment in line with Regulatory requirements - RBI, REBIT, V-CIP, DLG, etc.

- Liaison with internal and external Security Audits and assessments VAPT, GDPR/ISO 27001 compliance, SOC2

- Maintain the required security posture for cloud security and IT.

- Assist the CISO in driving security controls across all organization functions including IT/HR/Sales.

- Maintain and improve code security and DevopsSec practices.

- Maintain and improve the DLP across endpoints and servers.

- Review and improve email, apps, and network security.

- Develop and manage InfoSec Training and awareness, and run periodic phishing campaigns.

Requirements :

- 4-8 years of experience in establishing and managing InfoSec, Governance, Risk, and Compliance in areas of System Security, Network Security, Risk and Compliance Management.

- Bachelor of Engineering/Computer Science or equivalent from a recognized University.

- Good Technical understanding of Systems, Networks, Firewalls, IT Apps, and their security.

- Auditing experience in ISO-27001 SOC2 is a must.

- Experience with AWS Security and Compliance.

- Prior experience in the Banking and Financial domain is preferred.

- Exposure to Endpoint Security, Network Security, DLP, SIEM, etc.

- Prior Software Development Experience is preferred.

- Should have strong analytical and communication skills.

- Should have experience in developing InfoSec awareness programs and rendering InfoSec awareness sessions.

- A good understanding of the Data Privacy Framework - GDPR, India Data Privacy Act, etc.

- Candidates with professional security certificates like CISA, CISM, and ISO27001 Lead Auditor would be preferred.