Information Security Specialist

It's never been a more exciting time to join Vistra.

At Vistra our purpose is progress. We believe that our clients have the power to change the world and to do great things for global progress, and we exist to remove the friction that comes from the complexity of global business to help our clients achieve progress without friction.

But progress only happens when people come together and take action. And we're absolutely committed to building a culture where our people can do just that.

We have an exciting opportunity for you to join our team as Information Security Specialist. Reporting to the Head of Department, this full-time and permanent position is based in Mumbai, India and offers regional coverage, allowing you to make a significant impact to our Cyber security Department and its growth.

Purpose of Role

The Information Security Specialist at Vistra will play a pivotal role in implementing and managing the Vistra's information security strategies globally, including offering support to Vistra staff, and provide security training and awareness programs to promote a culture of security and best practices within Vistra, creating knowledge articles, conducting awareness webinars, facilitating and managing audits, support in vendor risk assessments and Business Continuity Management activities to ensure implement a robust security posture and promote security culture across Vistra globally. This position is critical to ensuring Vistra's adherence to its Group Information and CyberSecurity Policy & Standards, while also being the primary contact for information security within the organization while supporting the Information Security requirements across different BUs and driving the continuous improvement of security practices.

Key Responsibilities

Key Responsibilities of the Information Security Specialist

Global Information Security Management

Delivery: Implement and manage information security strategies across Vistra, focusing on Asia.

Approach: Adhere to global security procedures while adapting to regional needs.

Collaboration: Work with the global information security team and regional stakeholders.

Business Continuity Planning (BCP)

Delivery: Develop and maintain BCM, DR, and BIA processes.

Approach: Use existing frameworks, Including DORA, conduct annual effectiveness tests.

Collaboration: Partner with IT, HR, and operational teams.

Risk Management

Delivery: Identify and mitigate information security risks.

Approach: Analyse risks using past precedents and implement mitigation strategies.

Collaboration: Engage with security, audit, and business unit leaders.

Audit and Compliance

Delivery: Support audit activities and ensure compliance with regulations.

Approach: Assist in internal and external audits, follow up on findings.

Collaboration: Liaise with compliance, audit teams, and external auditors.

Security Awareness Training

Delivery: Raise security awareness and conduct training.

Approach: Develop engaging programs adapted to regional needs.

Collaboration: Work with HR and managers to deliver training.

This streamlined set of responsibilities highlights the critical role of the Information Security Specialist in safeguarding Vistra's data and systems, with a focus on the Asia region, without direct reports but in close collaboration with various teams and stakeholders.

Attributes/Technical Skills

Attributes and Technical Skills for the Information Security Specialist

Core Competencies:

• Analytical Skills: Ability to identify risks and vulnerabilities and devise effective mitigation strategies.
• Communication Skills: Strong ability to articulate security policies, risks, and advice effectively to various audiences.
• Influence: Ability to lead by example, influence security best practices, and promote a culture of security awareness.
• Problem-Solving: Skilled in addressing complex security issues with innovative solutions.
• Adaptability: Can adapt to rapidly changing threat landscapes and business needs.

Technical Skills Required:

• Information Security Management: Profound knowledge of information security principles, frameworks (e.g., ISO 27001, NIST), and regulations (e.g., GDPR).
• Business Continuity and Disaster Recovery Planning: Experience in developing, implementing, and testing BCP and DR plans.Understanding of new regulations e.g. DORA
• Risk Assessment and Management: Expertise in conducting risk assessments, audits, and applying risk management strategies.
• IT Systems and Network Security: Understanding of IT infrastructure, network security, and the various threats posed to them.
• Incident Management: Ability to manage and respond to security incidents effectively.
• Languages: Proficiency in English is required to cater to the specific regional focus in Asia, particularly for effective communication and training delivery.
• Cybersecurity Technologies: Familiarity with current cybersecurity technologies and trends, including firewalls, anti-virus software, and intrusion detection/prevention systems.
• Data Privacy: Understanding of data privacy principles and laws, especially as they apply in the Asia region.

Relevant Experience

Relevant Experience for the Information Security Specialist

• Years of Experience: 5-8 years of work experience in the field of Information Security, Business Continuity Management, or a related area is required.
• Type of Experience:
• Proven track record in developing and implementing information security policies and procedures within a global organization.
• Hands-on experience with Business Continuity Planning (BCP), Disaster Recovery (DR) processes, and Business Impact Analysis (BIA).Experience in conducting risk assessments, managing audits (internal and external), and compliance checks with information security standards (e.g., ISO 27001, NIST).Demonstrated ability in incident management and response, alongside a strong understanding of IT and network security principles.
• Effective communication and stakeholder management skills
• Previous involvement in projects that require coordination across multiple jurisdictions, particularly in the Asia region.
• Experience in cybersecurity technologies deployment and management, and familiarity with the latest trends and threats in cyber security.
• Contributions to the development and maintenance of information security frameworks and certifications within an organization.
• Experience in the financial or professional services sector, with an understanding of the specific information security challenges and regulatory requirements in these industries.

Education and Professional Qualification

Educational Background:

• A bachelor's degree in computer science, Information Technology, Cybersecurity, or a related field is required.
• Demonstrable knowledge and understanding of information security frameworks and standards such as ISO 27001, NIST, or similar.

Professional Qualifications:

The education and professional qualifications section outlines the foundational academic background and essential certifications necessary to perform the core functions of the Information Security Specialist role effectively. The desirable qualifications aim to highlight additional credentials and specializations that would enrich the candidate's ability to contribute to higher-level strategic initiatives and tackle the complex challenges faced by an international organization like Vistra.

Company Benefits:

At our Vistra India office, we believe in putting our employees well-being first! We offer a hybrid working arrangement. Additionally, we provide attractive insurance benefits, excellent job exposure and career prospects.

If you are excited about working with us, we encourage you to apply or have a confidential chat with one of our Talent Acquisition team members. Our goal is to make this a great place to work where all our people can thrive. We hope you join us on this exciting journey!