Senior Information Security Specialist

Location - Jakkur (Yehalanka) | 5 days working from office Immediate Joiner preferred Job Summary: We are seeking a skilled and proactive Information Security Specialist to join our Internal IT team. This role will be pivotal in developing, streamlining, and maintaining the organization’s Information Security Management System (ISMS) and leading the implementation of ISO 27001 standards and the regulations that the business needs to comply with, like GDPR, DPDP Act. The ideal candidate will have a strong understanding of information security frameworks, risk management, and compliance requirements. Key Responsibilities: Lead the development, implementation, and maintenance of the organization’s ISMS in alignment with ISO 27001 standards. Conduct gap analysis and risk assessments to identify vulnerabilities and recommend mitigation strategies. Collaborate with cross-functional teams to define and document security policies, procedures, and controls. Drive ISO 27001 certification readiness, including internal audits, corrective actions, and continuous improvement initiatives. Monitor compliance with internal security policies and external regulatory requirements. Provide training and awareness programs to employees on information security best practices. Stay updated with the latest security trends, threats, and technologies to ensure proactive risk management. Support incident response planning and execution, including post-incident analysis and reporting. Maintain documentation and evidence required for audits and certification processes. Develop and maintain a risk register and ensure timely mitigation of identified risks. Coordinate with external auditors and consultants during certification and surveillance audits. Evaluate and implement security tools and technologies to enhance the organization’s security posture. Perform regular vulnerability assessments and penetration testing coordination. Ensure secure configuration and hardening of IT infrastructure and applications. Support data classification and data protection initiatives across the organization. Desired Profile : Assist in business continuity and disaster recovery planning from a security perspective. Track and report key performance indicators (KPIs) and metrics related to information security. Participate in change management processes to assess security impacts of new projects and technologies. Bachelor’s degree in information technology, Cybersecurity, Computer Science, or a related field. Professional certifications such as ISO 27001 Lead Implementer, CISSP, CISM, CISA, or equivalent. Minimum 5 years of experience in information security, with at least 2 years focused on ISMS and ISO 27001 implementation. Strong understanding of security governance, risk management, and compliance frameworks. Experience conducting internal audits and managing external audit processes. Familiarity with regulatory requirements such as GDPR, HIPAA, or other relevant standards. Hands-on experience with security tools and technologies (e.g., SIEM, DLP, vulnerability scanners, endpoint protection). Understanding of firewalls, proxies, SIEM, antivirus, and IDS/IPS concepts. Ability to identify and mitigate network vulnerabilities and explain how to avoid them. Knowledge of cloud security principles and controls (Azure, MS Purview, MS Defender). Strong analytical and problem-solving skills. Excellent communication, presentation, and documentation abilities. Ability to manage multiple projects and priorities in a dynamic environment. Experience in developing and delivering security awareness training programs. Sound knowledge of identity and access management and deploying tools to manage single sign-on. Sound understanding of IT infrastructure with significant hands-on experience in cloud platforms. Ability to work effectively & guide technical team members. Highly self-motivated; able to operate autonomously in a dynamic environment Strong oral and written communication skills.