Position: Information Security Compliance Analyst

Work Location: Mumbai

Key Focus area: Information Security Compliance

Key Responsibilities:  

·       Identify, measure & report security compliance performance against organizational internal and external security compliance requirements

·      Conduct cyber security internal process and technical assessments and audits periodically against different policies and standards. Track and drive closure of findings. Publish regular compliance status dashboards for management review

·      Provide support in managing the company’s compliance and certification programs like ISMS, SOC, PCI-DSS and annual assessments

·      Conduct cyber security audits, risk assessments on subsidies/suppliers/third parties to ensure that security and compliance controls are implemented as per company policy and contractual requirements and effectiveness is measured, reported and governed

·      Support annual audit activity carried out by group’s corporate internal audit teams to maintain group corporate reporting requirements on controls relevant to security, availability, processing integrity, and confidentiality.

·      Frontend external audits conducted by regulatory bodies & customers by working closely with internal teams for preparation and driving the remediation activities.

·      Improve methods of capturing and presenting status of key compliance requirements in order to provide leadership with clear, concise data to enable appropriate decision making.

·      Plan and orchestrate compliance review meetings with stake holders at various levels to drive continuous improvement.

·      Report and prepare presentations on the levels of security compliance risk and control effectiveness to key stakeholders and senior management.

• Monitor the ongoing status of compliance remediation activities for identified risks and internal and external audit/compliance requirements.

Qualification:

·       B.E./B.Tech in Computer Science or Information Technology

·       Possession of standard certifications in Information Security or Compliance e.g. CISSP, CISA, CISM, CRISC, GIAC, PCIP, ISA will be preferred

Work experience:

07-10 Years (Combined with 5+ years of related latest experience in IT Security, Governance, Risk, Compliance Audits)

Competencies /Expertise Required (Functional & Behavioral)

• Significant knowledge and experience in Cyber Security domain, ITGC control evaluation, Policies and standards, Regulatory compliance, in-depth understanding of Industry standards and frameworks such as ISO 27001, PCI DSS, COBIT, NIST, ISO 31000.
• Strong security auditing experience
• Expertise in performing IT risk, business impact, control, and vulnerability assessments.
• Good understanding of IT technologies, business applications, including ERP and financial systems. .
• Experience in supporting security controls, compliance, and audit activity within a large provider organization
• Technical knowledge of security architecture of network and data center infrastructure, database, and the associated applications and concepts.
• Demonstrated ability to apply IT-related knowledge and experience in solving compliance issues
• Strong project management and communication skills (written and oral)
• Advanced written and verbal communication and presentation skills
• Excellent managerial, people management, teamwork, and client service skills