Information Security Specialist

Designation - Information Security Specialist

Location - Address : 4th Floor, NCC Windsor, International Airport Road, opposite Flying Club, Yashoda Nagar, Jakkur, Bengaluru, Karnataka

Job Type : Full Time

Job Summary :

We are seeking a skilled and proactive Information Security Specialist to join our Internal IT

team. This role will be pivotal in developing, streamlining, and maintaining the

organisations Information Security Management System (ISMS) and leading the

implementation of ISO 27001 standards and the regulations that the business needs to

comply with, like GDPR, DPDP Act. The ideal candidate will have a strong understanding of

information security frameworks, risk management, and compliance requirements.

Key Responsibilities :

Lead the development, implementation, and maintenance of the organizations

ISMS in alignment with ISO 27001 standards.

Conduct gap analysis and risk assessments to identify vulnerabilities and

recommend mitigation strategies.

Collaborate with cross-functional teams to define and document security policies,

procedures, and controls.

Drive ISO 27001 certification readiness, including internal audits, corrective actions,

and continuous improvement initiatives.

Monitor compliance with internal security policies and external regulatory

requirements.

Provide training and awareness programs to employees on information security

best practices.

Stay updated with the latest security trends, threats, and technologies to ensure

proactive risk management.

Support incident response planning and execution, including post-incident analysis

and reporting.

Maintain documentation and evidence required for audits and certification

processes.

Develop and maintain a risk register and ensure timely mitigation of identified risks.

Coordinate with external auditors and consultants during certification and

surveillance audits.

Evaluate and implement security tools and technologies to enhance the

organizations security posture.

Perform regular vulnerability assessments and penetration testing coordination.

Ensure secure configuration and hardening of IT infrastructure and applications.

Support data classification and data protection initiatives across the organization.

Assist in business continuity and disaster recovery planning from a security

perspective.

Track and report key performance indicators (KPIs) and metrics related to

information security.

Participate in change management processes to assess security impacts of new

projects and technologies.

Desired Profile :

Bachelors degree in information technology, Cybersecurity, Computer Science, or a

related field.

Professional certifications such as ISO 27001 Lead Implementer, CISSP, CISM, CISA,

or equivalent.

Minimum 5 years of experience in information security, with at least 2 years

focused on ISMS and ISO 27001 implementation.

Strong understanding of security governance, risk management, and compliance

frameworks.

Experience conducting internal audits and managing external audit processes.

Familiarity with regulatory requirements such as GDPR, HIPAA, or other relevant

standards.

Hands-on experience with security tools and technologies (e.g., SIEM, DLP,

vulnerability scanners, endpoint protection). Understanding of firewalls, proxies,

SIEM, antivirus, and IDS / IPS concepts.

Ability to identify and mitigate network vulnerabilities and explain how to avoid

them.

Knowledge of cloud security principles and controls (Azure, MS Purview, MS

Defender).

Strong analytical and problem-solving skills.

Excellent communication, presentation, and documentation abilities.

Ability to manage multiple projects and priorities in a dynamic environment.

Experience in developing and delivering security awareness training programs.

Sound knowledge of identity and access management and deploying tools to

manage single sign-on.

Sound understanding of IT infrastructure with significant hands-on experience in

cloud platforms.

• Ability to work effectively & guide technical team members. Highly self-motivated;

able to operate autonomously in a dynamic environment

Why Join Us :

Be part of a fast-paced, customer-focused IT team.

Gain hands-on experience with leading enterprise SaaS and endpoint management tools.

Opportunity to grow your skills and advance your career through continuous learning.

About the Company : Ample is a 28 years old organisation. What does it mean for you? We are a stable organisation with with over 28 years of experience in SI / IT - in an environment where companies rarely cross 10.

The foundation for future growth is on the following foundations : Globally revered brands in partnerships with Ample - in the enterprise and retail industry

We live our vision and values : Our customers and team members experience this every day, making it a place to be for anyone engaging with us We have an open culture where people are expected to focus on what-is-right instead of who-is-right. Feedback, suggestions and comments are encouraged, and acted upon. Anyone can speak to anyone in the organisation.