Incred-Senior Infosec Engineer

Job Title: Senior Information Security Engineer

Experience Required: 4-5 years in Information Security

Location: Whitefield, Bengaluru

Job Description

● Develop and finalize policies, procedures, and guidelines related to IT and Infosec domains in alignment with industry best practices (ISO 27001 , GDPR and SOC 2).

● Align internal IT and Infosec processes as per ISO 27001 and SOC 2 standards and security guidelines.

● Assist in defining and reviewing the key metrics for management reporting.

● Developing cyber security standards, including incorporating industry practices and applicable compliance requirements.

● Maintain the the security risk register and related policies

● Maintain the inventory of IT vendors as per regulatory guidelines.

● Develop review checklists, questionnaires, and manage evidences to assist the IT vendor risk management process.

● Perform 3rd party security due-diligence reviews and periodic vendor risk assessments to assess vendor compliance.

● Coordinate with external stakeholders and auditors for IT and Infosec related reviews

● Coordinate for conducting periodic penetration testing exercises on in-scope

applications and related infrastructure. Coordinate with stakeholders for timely closure of open risks.

● Assist in imparting security awareness training and executing phishing simulation exercises to employees.

● Assist IT and Infosec in gathering the metrics data and prepare management dashboards.

● Lead the periodic IT and Infosec governance review meetings and gather feedback for improvement.

● Assess the existing IT and Infosec processes and provide recommendations to improve.

● Identify opportunities for IT and Infosec governance automation and lead the continuous compliance initiatives.

● Support cross-entity teams/group entities to mirror the best practices implemented at the parent entity.

● Develop templates for incident reporting and manage artifacts. Assist during incident investigation and collaborating with stakeholders.

● Audit Coordination:

○ Coordinate and facilitate SOC 2 audits, acting as the primary point of contact for the external auditor.

○ Gather evidence and documentation to demonstrate compliance with SOC 2 requirements.

○ Address any audit findings and implement corrective actions.

Key Areas: SOC 2 Type 1 and Type 2, ISO 27001, GDPR ,security governance, vendor security due-diligence, vendor security reviews and assessment, preparation of security checklist, security awareness/phishing simulation, management dashboards,

manage key metrics for IT and Infosec.

Certifications: good to have- CISSP, CISM, ISO 27001, or CISA (Knowledge and experience in SOC 2 is mandatory)

Experience

● Should have 4-5 years of experience in information security domain and minimum should have 4 of years in overall IT and Infosec governance related activities.

● Must have sound knowledge in defining processes, developing policies, procedures, and guidelines, and preparing management reporting dashboards.

● Must have experience in guiding teams with respect to SOC 2 requirements

● Developing and implementing enterprise governance, risk, and compliance strategy

and solutions.

● Ability to document and explain details in a concise & understandable manner

● Industry recognized certificates relevant to the roles such as SOC 2, ISO 27001 are desired.

● Ability to lead complex, cross-functional projects, and problem-solving initiatives.

● Passionate about IT/information security and update knowledge on daily basis to

support the organization.

● Candidates must have excellent verbal and written communication skills

● Familiarity with industry standards and regulations including PCI, ISO27001, SOC 2, GDPR, CIS, NIST is desired.

● Candidates from BFSI experience will be preferred

● Fair understanding of public cloud models (e.g. AWS, Google, Microsoft Azure) and their security implications.

Skills:

● Candidate should be a good team player

● Should have good interpersonal skills

● Goodwritten communication skills including ability to develop process documentation and security guidelines.

● Ability to apply critical thinking and logic to a wide range of intellectual and practical problems.

● Ability to maintain composure under pressure and work calmly during an emergency

● Ability to manage multiple tasks and schedules