Lead Analyst
ValueLabs
posted 15hr ago
Flexible timing
Key skills for the job
Designation: Lead Analyst - PMG
Roles and Responsibilities:
Develop, implement, and maintain Information Security Management System (ISMS) and Privacy Information Management System (PIMS) policies, procedures, and controls based on ISO/IEC 27001, ISO 27701 (BS 10012), GDPR, CCPA, PDPA, and other relevant standards. Ensure processes align with industry security and privacy standards.
Ensure business continuity planning (BCP) and disaster recovery (DR) frameworks align with security best practices. Perform business impact analysis (BIA) at regular intervals to identify scenarios and ensure continuity of services, collaborating with the respective departments such as security operations and IT.
Handle client assignments for implementation, conduct audits, and support external audits for ISO 27001, ISO 27701, GDPR, SOC 2 Type 2, PCI DSS, CMMC, and HITRUST requirements.
Investigate security incidents and vulnerabilities to identify root causes for effective implementation of measures.
Conduct spot checks to ensure effective implementation of technical and organizational measures.
Support data privacy impact assessments (DPIA) and ensure privacy risk mitigation. Perform risk assessments at the enterprise level, for critical clients, and vendors to identify threats and define risk treatment plans.
Conduct internal audits as per the audit plan and release reports to stakeholders. Collaborate with stakeholders to ensure timely closure of audit findings, and ensure project and department readiness for ISO 27001, ISO 27701, HIPAA, SOC 2 Type 2, and HITRUST external audits.
Collaborate with the Process Management Group for smooth execution of activities associated with different standards and models implemented at the organizational level.
Conduct training at the organization level to educate employees on information security, data protection best practices, and security awareness programs, in collaboration with stakeholders.
Collaborate with stakeholders (clients, projects, legal, security operations, IT, HR, and vendors) to ensure compliance with contractual obligations, privacy laws, and regulatory requirements (e.g., GDPR, CCPA, HIPAA, SOC 2, NIST).
Skills & Certifications:
1. B.Tech, bachelor's or master's degree in Information Security, IT, Computer Science, or a related field
Certifications (Preferred):
2. ISO 27001 Lead Implementer / Lead Auditor
3. ISO 27701 Lead Implementer / Lead Auditor
4. CISSP, CISA, CISM, or CIPM [Preferred]
5. Certified Internal Auditor
6. PCI DSS
Experience:
7. 5+ years in information security, data protection, privacy laws, risk management, incident management, etc.
8. Experience in handling client calls regarding information security and data protection compliance requirements
9. Experience on client assignments for ISO 27001 / ISO 27701 / BS 10012 / Risk Management / GDPR / HITRUST / CMMC, etc.
10. Hands-on experience in ISO 27001, ISO 27701, GDPR, HIPAA, HITRUST, SOC 2 Type 2, and NIST implementation and audits.
11. Experience in handling internal audits, external audits, and client audits, and in conducting vendor risk assessments
Good to have:
ISO 42001 Lead Implementer / Lead Auditor certification
ISO 9001 Lead Implementer / Lead Auditor certification
Experience with ISO 9001, CMMI, ISO 14001, and ISO 45001
Employment Type: Full Time, Permanent
10-13 Yrs
₹ 16 - 25L/yr
Bangalore / Bengaluru
5-10 Yrs
Bangalore / Bengaluru, Dubai, United Arab Emirates