Position Title : Senior Information Security Analyst
CTC : 12-13 LPA
Exp : 5+yr
Location : Bangalore (CV Raman Nagar)
Working Mode : Onsite
Working days : Monday to Friday
Working Timings : 9 AM to 6 PM
Primary Skill : External and internal IT audits, ISO 27001, SOX, IT General Controls (ITGC) assessments, cybersecurity frameworks, NIST, and PCI DSS
Qualification : BE / B.Tech / BSC / BCA / M.Tech / ME
Key Responsibilities : & Compliance :
- Conduct external and internal IT audits following ISO 27001, SOX, and other regulatory frameworks.
- Perform IT General Controls (ITGC) assessments and ensure compliance with cybersecurity frameworks such as NIST 2.0, PCI DSS, and ISO 27001:2022.
- Identify control deficiencies and recommend corrective actions to improve security posture.
- Conduct Cyber Maturity Assessments and risk evaluations.
- Conducting GAP Engagement & Advisory :
- Act as a primary contact for client engagements, audit planning, and risk advisory services.
- Lead and facilitate client meetings, walkthroughs, and audit discussions.
- Provide strategic recommendations, develop security roadmaps, and present findings to senior Management & Governance :
- Evaluate risk management practices and ensure mitigation of security vulnerabilities.
- Assist in the implementation of security best practices, policies, and frameworks.
- Manage third-party / vendor risk assessments and ensure & Documentation :
- Prepare audit reports, risk assessments, and compliance documentation.
- Develop and maintain Standard Operating Procedures (SOPs) for future audits.
- Track remediation progress and ensure implementation of security Skills : Expertise :
- Hands-on experience in SOX IT controls, ITGC, risk assessment, and compliance audits.
- Strong knowledge of ISO 27001, NIST CSF, PCI DSS, and other cybersecurity frameworks.
- Proficiency in security audits, control testing, and compliance :
- Excellent communication and stakeholder management skills.
- Strong analytical and problem-solving abilities.
- Ability to work independently and manage multiple audit engagements.
- Exposure to multi-client audit engagements in GRC, IT Risk, and Cybersecurity frameworks.
ref : hirist.tech