Information Security Analyst

Title:

Information Security Analyst

Location:

Gurugram / Hybrid
Min Experience : 3+ years

Job Description
Role Purpose
seWe prioritize the security and privacy of our customers' data and are committed to maintaining the highest standards of information security. The Cyber Security Compliance Specialist will play an essential role in managing information security governance, risk, and complianc

Key Responsibilities:

1. Client Requests and Contract Revie
ws:

Serve as a point of contact for client requests for information related to information security compliance. Must have deep understanding in this and provide detailed evidence based respons
es.

Review contracts and agreements to ensure compliance with information security requirements and standards.
Attending client meetings and address their security concerns.
2. Third-Party Risk Management
Manage third-party risk assessment processes, including vendor security assessments and due diligence
Evaluate third-party security controls and assess their alignment with organizational policies and standards.
3. Exception Requests
Review and evaluate exception requests related to information security policies and standards
Assess the impact of proposed exceptions and make recommendations to management for approval or mitigation
4. Compliance Management
Assist in the development, implementation, and maintenance of the company's information security compliance program
Ensure adherence to regulatory requirements, industry standards, and internal policies and procedures.
Conduct regular compliance assessments and audits to identify gaps and areas for improvement
5. Governance Support
Support the establishment and maintenance of information security governance frameworks, policies, and procedures
Assist in the development of governance documentation, including charters, policies, standards, and guidelines.
Provide guidance and support to stakeholders on governance-related matters, ensuring alignment with business objectives
6. Risk Management
Assist in the identification, assessment, and mitigation of information security risks across the organization.
Conduct risk assessments and analyze security controls to ensure effectiveness and compliance with ISO 27001 requirements. Collaborate with stakeholders to develop and implement risk mitigation strategies and action plans.
7. ISO 27001 Compliance
Support the implementation and maintenance of ISO 27001 certification requirements.
Assist in the development and documentation of ISO 27001 policies, procedures, and controls.
Conduct internal audits to assess compliance with ISO 27001 standards and identify areas for improvement.
8. Security Awareness and Training
Assist in the development and delivery of security awareness and training programs for employees
Promote a culture of security awareness and best practices throughout the organization.

Influence And Decision-Making Authority
Operating within practices and procedures covered by precedent or well-defined policies; end results will be subject to review. The job will contain a variety of activities and clear short-term objectives. The job holder may determine their own priorities whilst meeting clear outcomes
Explains policies, practices and procedures of the job area to parties within and outside of own job function.

May have responsibility for communicating with parties external to the organisation (e.g., customers, vendors, etc.).

Skills & Experience
3-4 years of experience in information security, compliance, or related field
Strong English Verbal communication skills, including presentation skills, with an ability to communicate with a range of technical and non-technical team members and other relevant individuals
Strong English Written communication skills, for example to write technical reports and reviews of Master Service Agreement.
Qualifications
Bachelor's degree in Computer Science, Information Security, or a related field
Lead Implementer Training ISO 27001