Information Security Engineer

Job Summary: We are seeking a highly motivated and independent Information Security Engineer to joinour information security team. The ideal candidate will possess a broad range of technical and compliance expertise across various information security domains. This role requires an individual who can work autonomously, manage multiple projects, and take ownership of security initiatives with minimal supervision. You will be instrumental in safeguarding our assets, ensuring regulatory compliance, and driving the continuous improvement of our security posture.Key Responsibilities:● Third-Party Risk Management (TPRM):○ Conduct thorough due diligence and risk assessments of new and existing third-partyvendors and partners.○ Review vendor security documentation, questionnaires, and audit reports to identify andmitigate potential risks.○ Collaborate with legal and procurement teams to ensure security requirements areintegrated into vendor contracts.● Technical Risk Assessments:○ Perform comprehensive technical risk assessments of security tools and infrastructure,including SIEM (Security Information and Event Management) and SOC (SecurityOperations Center) processes.○ Analyze security logs, alerts, and incident data to identify vulnerabilities and recommendremediation strategies.○ Evaluate the effectiveness of security controls and provide recommendations forenhancement.● IT General Controls (ITGC):○ Assess and ensure the effectiveness of IT General Controls relevant to financial reportingand operational integrity.○ Develop and implement ITGC frameworks and processes.○ Support internal and external audits related to ITGC.● Cloud Security:○ Contribute to the design, implementation, and maintenance of secure cloud environments(e.g., AWS, Azure, GCP).○ Assess cloud security configurations, identify misconfigurations, and recommend bestpractices.○ Stay abreast of emerging cloud security threats and technologies.● Regulatory Compliance:○ Ensure adherence to information security guidelines and mandates from key regulators suchas SEBI, NSE, BSE, CDSL, etc.○ Translate regulatory requirements into actionable security controls and processes.○ Assist in preparing for and responding to regulatory audits and inquiries.● Information Security Management System (ISMS):○ Support the implementation and maintenance of our ISO 27001 certified Information SecurityManagement System (ISMS).○ Participate in risk assessments, control selection, and internal audit activities related to ISO27001.○ Develop and update security policies, standards, and procedures in line with best practices.● Project Management & Ownership Independence:○ Lead and manage information security projects from inception to completion with minimalguidance.○ Prioritize tasks, manage timelines, and communicate progress effectively to stakeholders.○ Proactively identify security gaps, propose solutions, and drive their implementation.○ Ability to work independently, take initiative, and deliver high-quality results in a fast-pacedenvironment.● General Information Security:○ Assist in incident response planning and execution.○ Conduct security awareness training.○ Stay current with industry trends, threats, and security technologies.Qualifications:● Bachelor's degree in Computer Science, Information Security, or a related field.● 4-6 years of progressive experience in information security roles.● Proven experience across multiple information security domains, including TPRM, technical riskassessments, cloud security, and regulatory compliance.● Solid understanding of IT General Controls (ITGC).● Demonstrable knowledge of regulatory requirements from bodies like SEBI, NSE, BSE, CDSL.● Hands-on experience with ISO 27001 implementation and maintenance.● Familiarity with SIEM/SOC operations and security monitoring tools.● Excellent analytical, problem-solving, and decision-making skills.● Strong written and verbal communication skills, with the ability to articulate complex securityconcepts to both technical and non-technical audiences.● Ability to work independently, manage multiple priorities, and meet deadlines.Preferred Qualifications (Bonus Points):● Relevant industry certifications (e.g., CISSP, CISM, CISA, CCSP certifications are a plus but notmandatory).● Prior experience in the SEBI regulated sector.