The Information Security role is responsible for managing and executing information security initiatives and projects across MHIL. The position ensures that newly introduced IT projects and existing infrastructure comply with organizational security standards through comprehensive technical security assessments and risk management practices. The role provides hands-on expertise in vulnerability management, application and infrastructure security, and incident response.
Key Roles & Responsibilities
Information Security & Risk Management
- Lead and manage Information Security projects across MHIL.
- Perform Technical Risk Assessments for new and existing IT systems and applications.
- Conduct security assessments for newly onboarded IT projects to ensure compliance with security policies and standards.
- Identify, analyze, and mitigate technical security risks across the organization.
Vulnerability & Threat Management
- Plan and manage Vulnerability Assessment and Penetration Testing (VAPT) activities, including coordination with internal teams and external vendors.
- Track, analyze, and ensure remediation of vulnerabilities identified during assessments.
- Perform configuration reviews and security hardening of systems, applications, databases, and network devices.
Endpoint & Infrastructure Security
- Manage Anti-Virus (AV) and Endpoint Detection & Response (EDR) solutions, including deployment, monitoring, and policy enforcement.
- Oversee Infrastructure Security covering servers, networks, operating systems, and cloud environments (if applicable).
- Implement and monitor Patch Management processes to ensure timely remediation of security vulnerabilities.
Application Security
- Conduct Application Security assessments, including secure code review (as applicable) and application vulnerability testing.
- Work closely with development and project teams to integrate security controls into the application lifecycle (SDLC).
Security Monitoring & Incident Response
- Support SIEM/SOC operations, including log monitoring, alert analysis, and threat investigation.
- Participate in Incident Response activities, including detection, containment, investigation, and remediation of security incidents.
- Assist in developing and maintaining incident response procedures and playbooks.
Governance, Documentation & Compliance
- Prepare and maintain security documentation, risk reports, and assessment findings.
- Support audits, compliance reviews, and regulatory requirements as applicable.
- Provide security guidance, awareness, and best practices to IT and business teams.
Technical skills
Strong hands-on experience in VAPT and Technical Risk Assessments
Expertise in Application Security and Infrastructure Security
Experience with AV/EDR tools and endpoint security solutions
Knowledge of Patch Management tools and processes
Hands-on experience in Configuration Assessment and System Hardening
Working knowledge of SIEM/SOC operations and Incident Response
Understanding of security standards and frameworks (ISO 27001, NIST, etc.)
Qualification & Experience
Graduation in any discipline with computers as a subject
Additional Information Security certifications from recognized organizations (preferred)
Examples: CEH, CISSP, CISM, ISO 27001 LA, Security+, etc.
7+ years of experience in Information Security / Cyber Security roles
