Information security specialist

Designation - Information Security Specialist Location - Address: 4th Floor, NCC Windsor, International Airport Road, opposite Flying Club, Yashoda Nagar, Jakkur, Bengaluru, Karnataka Job Type: Full Time Job Summary: We are seeking a skilled and proactive Information Security Specialist to join our Internal IT team. This role will be pivotal in developing, streamlining, and maintaining the organisations Information Security Management System (ISMS) and leading the implementation of ISO 27001 standards and the regulations that the business needs to comply with, like GDPR, DPDP Act. The ideal candidate will have a strong understanding of information security frameworks, risk management, and compliance requirements. Key Responsibilities : Lead the development, implementation, and maintenance of the organizations ISMS in alignment with ISO 27001 standards. Conduct gap analysis and risk assessments to identify vulnerabilities and recommend mitigation strategies. Collaborate with cross-functional teams to define and document security policies, procedures, and controls. Drive ISO 27001 certification readiness, including internal audits, corrective actions, and continuous improvement initiatives. Monitor compliance with internal security policies and external regulatory requirements. Provide training and awareness programs to employees on information security best practices. Stay updated with the latest security trends, threats, and technologies to ensure proactive risk management. Support incident response planning and execution, including post-incident analysis and reporting. Maintain documentation and evidence required for audits and certification processes. Develop and maintain a risk register and ensure timely mitigation of identified risks. Coordinate with external auditors and consultants during certification and surveillance audits. Evaluate and implement security tools and technologies to enhance the organizations security posture. Perform regular vulnerability assessments and penetration testing coordination. Ensure secure configuration and hardening of IT infrastructure and applications. Support data classification and data protection initiatives across the organization. Assist in business continuity and disaster recovery planning from a security perspective. Track and report key performance indicators (KPIs) and metrics related to information security. Participate in change management processes to assess security impacts of new projects and technologies. Desired Profile : Bachelors degree in information technology, Cybersecurity, Computer Science, or a related field. Professional certifications such as ISO 27001 Lead Implementer, CISSP, CISM, CISA, or equivalent. Minimum 5 years of experience in information security, with at least 2 years focused on ISMS and ISO 27001 implementation. Strong understanding of security governance, risk management, and compliance frameworks. Experience conducting internal audits and managing external audit processes. Familiarity with regulatory requirements such as GDPR, HIPAA, or other relevant standards. Hands-on experience with security tools and technologies (e.g., SIEM, DLP, vulnerability scanners, endpoint protection). Understanding of firewalls, proxies, SIEM, antivirus, and IDS/IPS concepts. Ability to identify and mitigate network vulnerabilities and explain how to avoid them. Knowledge of cloud security principles and controls (Azure, MS Purview, MS Defender). Strong analytical and problem-solving skills. Excellent communication, presentation, and documentation abilities. Ability to manage multiple projects and priorities in a dynamic environment. Experience in developing and delivering security awareness training programs. Sound knowledge of identity and access management and deploying tools to manage single sign-on. Sound understanding of IT infrastructure with significant hands-on experience in cloud platforms. Ability to work effectively & guide technical team members. Highly self-motivated; able to operate autonomously in a dynamic environment Why Join Us: Be part of a fast-paced, customer-focused IT team. Gain hands-on experience with leading enterprise Saa S and endpoint management tools. Opportunity to grow your skills and advance your career through continuous learning. About the Company: Ample is a 28 years old organisation. What does it mean for you? We are a stable organisation with with over 28 years of experience in SI / IT - in an environment where companies rarely cross 10.• We have built trusting relationships - with team members, customers and partners, several of them for over a decade, and many over two decades.• We have navigated diverse challenges, disruptions and have navigated them all, and emerged triumphant. The foundation for future growth is on the following foundations: Globally revered brands in partnerships with Ample - in the enterprise and retail industry• You would be representing a brand that the market has revered and valued over two decades• We aspire to grow at a trailblazing pace over the next 5 years, and reach USD 1 Billion. This will need leaders who can take the mantle of responsibility towards this opportunity. • Our current enterprise base of 1500 customers is spread across the country and will become the core of our growth engine We live our vision and values: Our customers and team members experience this every day, making it a place to be for anyone engaging with us We have an open culture where people are expected to focus on what-is-right instead of who-is-right. Feedback, suggestions and comments are encouraged, and acted upon. Anyone can speak to anyone in the organisation.