Information Security Engineer (13-15 yrs)
Nazztec
posted 9d ago
Job Title : Information Security Engineer
Location : Chennai, Bangalore, Hyderabad
Experience : 13+ years
Job Summary :
We are looking for an experienced Information Security Engineer to lead and manage security audits, risk management, and compliance initiatives.
The ideal candidate will have extensive knowledge of security frameworks, regulations, and security technologies to ensure compliance with industry standards such as ISO 27001, HIPAA, SOC 2, PCI DSS, GDPR, and ISO 22301.
Key Responsibilities :
- Security Audits & Compliance : Conduct and manage security audits including ISO 27001, HIPAA, SOC 1, SOC 2, PCI DSS and ensure compliance with security policies and regulations.
- Risk Management : Assess security risks, define risk mitigation strategies, and ensure the implementation of risk management frameworks.
- Technical Audits : Independently perform technical security audits and analyze security exceptions to document risks and propose compensating controls.
- Security Controls Implementation : Define and implement security controls in accordance with enterprise policies, standards, and industry best practices.
- Incident Management : Analyze potential threats and vulnerabilities, communicate risks to business units, and recommend security solutions.
- Collaboration & Training : Provide orientation and training to business units on Risk Assessment, Business Continuity Plan (BCP), and Business Impact Analysis (BIA).
- Business Continuity & ISMS Audits : Facilitate business continuity planning for projects, conduct ISMS and BCMS audits, and identify gaps in security frameworks.
- Evidence & Documentation : Review audit evidence, ensure completeness and accuracy, and support audit planning with external auditors.
- Continuous Monitoring : Establish a continuous monitoring function to proactively address security risks and regulatory changes.
- Reporting & Advisory : Prepare detailed reports of security assessments, document remediation plans, and provide expert advice to internal stakeholders.
Required Skills & Experience :
- 13+ years of experience in Information Security and Business Continuity.
- Hands-on experience with security technologies, techniques, tools, and frameworks.
- Strong knowledge of ISO 27001, ISO 22301, PCI DSS, HIPAA, GDPR, SOC 2.
- Proven experience in conducting internal security audits and compliance assessments.
- Ability to work independently and manage multiple security-related tasks.
- Strong technical knowledge of cybersecurity products.
- Excellent communication skills to interact with stakeholders and external auditors.
- Experience with security risk analysis, impact assessment, and remediation planning.
- Ability to analyze security exceptions, document risks, and propose mitigation strategies.
Preferred Qualifications :
- Security certifications (CISSP, CISA, CISM, ISO 27001 Lead Auditor, etc.).
- Experience working with enterprise risk management tools.
- Knowledge of emerging cybersecurity threats and mitigation strategies.
- Experience with cloud security and modern cybersecurity frameworks.
Functional Areas: Software/Testing/Networking