Incred (Algebrik AI) - Infosec Engineer

Information Security Engineer

Job Description

● Develop and finalize policies, procedures, and guidelines related to IT and Infosec domains in alignment with industry best practices (ISO 27001 , GDPR and SOC 2)

● Align internal IT and Infosec processes as per ISO 27001 and SOC 2 standards and security guidelines

● Assist in defining and reviewing the key metrics for management reporting

● Develop of cyber security standards, including incorporating industry practices and applicable compliance requirements

● Maintain the the security risk register and related policies

● Maintain the inventory of IT vendors as per regulatory guidelines.

● Develop review checklists, questionnaire, and manage evidences to assist the IT vendor risk management process

● Perform 3rd party security due-diligence reviews and periodic vendor risk assessments to assess vendor compliance.

● Coordinate with external stakeholders and auditors for IT and Infosec related reviews

● Coordinate for conducting periodic penetration testing exercises on in-scope applications and related infrastructure. Coordinate with stakeholders for timely closure of open risks.

● Assist in imparting security awareness training and executing phishing simulation exercises to employees.

● Assist IT and Infosec in gathering the metrics data and prepare management dashboards

● Lead the periodic IT and Infosec governance review meetings and gather feedback for improvement

● Assess the existing IT and Infosec processes and provide recommendations to improve

● Identify opportunities for IT and Infosec governance automation and lead the continuous compliance initiatives

● Support cross-entity teams/group entities to mirror the best practices implemented at the parent entity

● Develop templates for incident reporting and manage artifacts. Assist during incident investigation and collaborating with stakeholders.

● Audit Coordination:

○ Coordinate and facilitate SOC 2 audits, acting as the primary point of contact for the external auditor.

○ Gather evidence and documentation to demonstrate compliance with SOC 2 requirements.

○ Address any audit findings and implement corrective actions. Key Areas: SOC 2 Type 1 and Type 2, ISO 27001, GDPR ,security governance, vendor security due-diligence, vendor security reviews and assessment, preparation of security checklist, security awareness/phishing simulation, management dashboards, manage key metrics for IT and Infosec, Certifications: good to have - CISSP, CISM, ISO 27001, or CISA (Knowledge and experience in SOC 2 is mandatory)

Experience

● Should have 5 - 7 years of experience in information security domain and minimum should have 4 of years in overall IT and Infosec governance related activities.

● Must have sound knowledge in defining processes, developing policies, procedures, and guidelines, and preparing  management reporting dashboards.

● Must have experience in guiding teams with respect to SOC 2 requirements

● Developing and implementing enterprise governance, risk, and compliance strategy and solutions

● Ability to document and explain details in a concise & understandable manner

● Industry recognized certificates relevant to the roles such as SOC 2, ISO 27001 are desired

● Ability to lead complex, cross-functional projects, and problem-solving initiatives.

● Passionate about IT/information security and update knowledge on daily basis to support the organization

● Candidates must have excellent verbal and written communication skills

● Familiarity with industry standards and regulations including PCI, ISO27001, SOC 2, GDPR, CIS, NIST is desired.

● Candidates from BFSI experience will be preferred

● Fair understanding of public cloud models (e.g. AWS, Google, Microsoft Azure) and their security implications

Skills:

● Candidate should be a good team player

● Should have good interpersonal skills

● Good written communication skills including ability to develop process documentation and security guidelines.

● Ability to apply critical thinking and logic to a wide range of intellectual and practical

problems

● Ability to maintain composure under pressure and work calmly during an emergency

● Ability to manage multiple tasks and schedules