Key Responsibilities
- Ensuring regulatory compliance, including compliance with SEBI Regulations, the IT Act, etc.
- Carry out Risk Assessment for cloud or on-premise applications.
- Review of the configuration and hardening of IT systems as per CIS benchmarks.
- Review of IT & Cyber Security policies and related standards/procedures for identifying potential risk areas to focus on.
- Lead security risk assessments, vulnerability scanning, and threat modeling across systems, databases, and applications; identify mitigation strategies and oversee remediation.
- Handle security operations, investigate security incidents, and conclude investigations.
- Manage compliance and audits, facilitating internal/external reviews, regulatory reporting, and adherence to standards like ISO 27001, NIST, and data protection laws.
- Prepare presentations for various committees to place the key risks and controls for management review.
- Assist in implementing and maintaining the cyber & technology risk framework to identify, assess, mitigate, and monitor key risks.
- Securing IT systems by establishing and enforcing policies; defining and monitoring access.
- Collaborate with the Business risk team and the Enterprise risk team to align information security risk with business risk/enterprise risk.
- Contributing to Information Security policy updates.
- Training and awareness for staff on network and information security procedures.
- Ensure role ownership and role functionalities are in line with the Information security.
- Remediation and closure of findings identified during risk assessment.
Qualifications and Skills:
Education: Engineering or IT Graduate.
Experience: 5-6 years of experience in Information Security.
Technical Skill: Audit, SEBI regulations, SIEM, VAPT, DLP, TPRM
Soft Skill: Strong coordination, communication for stakeholder engagement, and ability to manage priorities in regulated environments.
Any certification such as CISM, ISO27001, etc. is an added advantage.