The IT Risk Officer owns day-to-day information-security, privacy, and IT-risk governance for IHX. Acting as the single point of contact between local teams and the Perfios central security office, the role ensures that technology risks are identified, assessed, mitigated, and reported in line with ISO 27001:2022, the Digital Personal Data Protection (DPDP) Act, and Perfios Group policies.
Key Responsibilities
Risk Governance & GRC
Maintain and periodically review the IT / InfoSec risk register with the IT Head and Perfios security lead.
Align the subsidiary’s Statement of Applicability (SoA) with the Perfios ISO 27001 scope and manage related evidence collection.
Policy & Compliance
Localize Perfios security, privacy, and AI policies for complete compliance across teams.
Monitor adherence to the DPDP Act, client contractual obligations, and emerging regulatory requirements.
Security Operations Oversight
Oversee the health and performance of security solutions including CrowdStrike, Netskope, JumpCloud, and SOC integrations.
Triage high-severity alerts and coordinate incident response activities including root-cause analysis.
System Troubleshooting & Correlation
Troubleshoot and correlate system-level issues across Linux / Windows environments with cybersecurity alerts.
Analyze security events across multiple systems and platforms.
Threat & Vulnerability Management
Schedule vulnerability assessments, penetration tests, configuration audits, and GuardDuty reviews.
Track remediation SLAs and provide monthly status updates.
Third-Party Risk Management (TPISA)
Perform risk-based assessments of third-party service providers.
Follow up on identified remediations and verify compliance with contract clauses.
Incident Response & Forensics
Participate in incident response activities including log analysis, forensic triage, containment, and remediation.
Collaborate with forensic specialists to validate findings and assist in root-cause analysis.
Business Continuity & Disaster Recovery
Support disaster-recovery drills for client deployments and verify RTO / RPO compliance.
Update and maintain DR documentation and runbooks.
Awareness & Training
Conduct phishing simulations, awareness programs, and secure-coding refreshers.
Track awareness performance metrics and implement improvements.
Reporting & Metrics
Prepare monthly KPI / KRI dashboards covering risk posture, incidents, and roadmap progress for leadership review.
Required Qualifications & Experience
Mandatory
Preferred
Core Competencies
Officer • Greater Bengaluru Area, India