Senior Information Security Analyst

Headquartered in Bengaluru, Unacademy is Indiaʼs largest learning platform that brings expert educators together with millions of students in need of quality education. With a growing network of thousands of registered educators and Millions of learners, Unacademy is changing the way India learns. With a mission to democratize education, Unacademy has been a pioneer in the online education sector, providing high-quality content to millions of learners across the country. In line with our commitment to providing holistic learning solutions, Unacademy is expanding its reach into the offline education sector by establishing tuition centers and stores and offering franchise opportunities.

We are bootstrapping our IT Risk & Compliance team and looking for an individual who drives efforts to comply with ICFR IT Audit and compliance with ISO 27001 requirements. This role includes testing and maintaining evidence required for external audit, creation and review of InfoSec policies/procedures, and providing recommendations about InfoSec controls based on the industry's best practices.

You will foster an Information Security culture within the company and help to assess IT audit controls, conduct risk assessments for a variety of Information Assets, collaborate in risk treatment decisions, and assist in implementing/monitoring controls for achieving compliance.

You will also be responsible for maintaining an IT Risk Register and collaborating with stakeholders for risk management and leveraging your knowledge of today's ever-changing cybersecurity and risk landscape to influence IT operations across the organization.

Who you are:

• 4 - 5 years experience individual with good working knowledge and auditing experience in IT General Controls, Application Controls, Interface Controls, ERP controls, and IT Risk Management.
• Assessing & testing IT control elements and determining if controls are designed and operating effectively to mitigate financial and business risks.
• Assessing risk and compliance status against Information Security policies, proposing controls for risk remediation, and tracking the implementation status of controls.
• Experience in promoting a culture of InfoSec awareness and controls that minimize risk and ensure compliance.
• Using project management techniques for planning, anticipating roadblocks, and stakeholder communication.
• Knowledge and experience with industry standards related to IT and Cloud Controls ISO 27001, CSA (CCM-CAIQ), NIST 800-53.
• Familiarity with privacy and data security laws and regulations, including GDPR, and CCPA is desirable.
• Professional security certifications, such as CISA, CRISC, and CISSP (not mandatory).
• Experience with a large banking organization and/or BIG 4 accounting firm is a plus.