Information Security Specialist

Job Summary :

We are seeking a highly motivated and independent Information Security Engineer to join

our information security team. The ideal candidate will possess a broad range of technical and compliance expertise across various information security domains. This role requires an individual who can work autonomously, manage multiple projects, and take ownership of security initiatives with minimal supervision. You will be instrumental in safeguarding our assets, ensuring regulatory compliance, and driving the continuous improvement of our security posture.

Key Responsibilities :

• Third-Party Risk Management (TPRM) :

○ Conduct thorough due diligence and risk assessments of new and existing third-party

vendors and partners.

○ Review vendor security documentation, questionnaires, and audit reports to identify and

mitigate potential risks.

○ Collaborate with legal and procurement teams to ensure security requirements are

integrated into vendor contracts.

○ Perform comprehensive technical risk assessments of security tools and infrastructure,

including SIEM (Security Information and Event Management) and SOC (Security

Operations Center) processes.

○ Analyze security logs, alerts, and incident data to identify vulnerabilities and recommend

remediation strategies.

○ Evaluate the effectiveness of security controls and provide recommendations for

enhancement.

○ Assess and ensure the effectiveness of IT General Controls relevant to financial reporting

and operational integrity.

○ Develop and implement ITGC frameworks and processes.

○ Support internal and external audits related to ITGC.

○ Contribute to the design, implementation, and maintenance of secure cloud environments

(e.G., AWS, Azure, GCP).

○ Assess cloud security configurations, identify misconfigurations, and recommend best

practices.

○ Stay abreast of emerging cloud security threats and technologies.

○ Ensure adherence to information security guidelines and mandates from key regulators such

as SEBI, NSE, BSE, CDSL, etc.

○ Translate regulatory requirements into actionable security controls and processes.

○ Assist in preparing for and responding to regulatory audits and inquiries.

○ Support the implementation and maintenance of our ISO 27001 certified Information Security

Management System (ISMS).

○ Participate in risk assessments, control selection, and internal audit activities related to ISO

27001.

○ Develop and update security policies, standards, and procedures in line with best practices.

○ Lead and manage information security projects from inception to completion with minimal

guidance.

○ Prioritize tasks, manage timelines, and communicate progress effectively to stakeholders.

○ Proactively identify security gaps, propose solutions, and drive their implementation.

○ Ability to work independently, take initiative, and deliver high-quality results in a fast-paced

environment.

○ Assist in incident response planning and execution.

○ Conduct security awareness training.

○ Stay current with industry trends, threats, and security technologies.

Qualifications :

assessments, cloud security, and regulatory compliance.

concepts to both technical and non-technical audiences.

Preferred Qualifications (Bonus Points) :

mandatory).