This role is pivotal in developing, implementing, and monitoring security policies, ensuring compliance, and managing risk across the firm. The ideal candidate will have expertise in Governance, Risk, and Compliance (GRC) and will play a key role in tracking vulnerabilities, managing security alerts, and overseeing learning modules.
Responsibilities and Duties:
- Policy & Compliance: Develop and implement Information Security Management System (ISMS) policies and procedures.
- Learning Management: Design, monitor, and enhance learning modules for security awareness.
- Risk & Compliance: Conduct contract reviews and manage Third-Party Risk Management (TPRM) processes.
- Security Monitoring: Track and resolve exploitable vulnerabilities with the support team.
- Phishing & Threat Management: Execute phishing tests and monitor firm-wide progress.
- Access & Software Management: Handle Infosec software installations, VPN access, generic email IDs, and admin rights requests, ensuring proper tracking and documentation.
- Security Operations Center (SOC): Monitor and send SOC alerts to relevant teams while maintaining records.
- Reporting & Analysis: Prepare Management Information System (MIS) reports for the IT team.
- Conducting process audit and maintaining compliance with contractual, regulatory and organization policies.
- Ensuring oversight and adherence to all defined Governance processes.
- Providing timely alerts to management on deviations and non-compliance that might affect the company's ability to meet customer requirements and commitments.
- Conducting ISO 27001 audits, including planning, execution, and follow-up: preparing the audit report, verifying and closing non-conformities (NC), and implementing corrective and preventive actions (CAPA).
- Conducting a gap analysis between existing processes and required compliance standards and then developing action plans to address these gaps.
- Ensuring that IT processes and practices adhere to relevant regulations and standards, such as HIPAA and ISO 27001.
- Collaborating closely with the external audit team in the ISO audit process and ensuring seamless communication and coordination.
- Conducting systematic periodic risk assessments to reduce the risks by using a risk management process.
Qualifications & Skills:
- Experience: 3-5 years in Information Security Management within consultancy services.
- Certifications: ISO 27001:2022 & ISO 31000 Internal Auditor certification.
- Technical Expertise: Preferred experience with ServiceNow, Learning Management, and Patch Management (Banks / NBFIs / Consultancy).
- Analytical & Problem-Solving: Strong ability to assess risks and implement solutions.
- Communication: Excellent verbal and written skills for effective collaboration.
- Organized & Methodical: Attention to detail with a structured approach to security management.
Max CTC: 12 Lacs
Notice Period: Immediate to one month
(ref : hirist.tech)