Information Security Engineer

Job Summary: We are seeking a highly motivated and independent Information Security Engineer to join our information security team. The ideal candidate will possess a broad range of technical and compliance expertise across various information security domains. This role requires an individual who can work autonomously, manage multiple projects, and take ownership of security initiatives with minimal supervision. You will be instrumental in safeguarding our assets, ensuring regulatory compliance, and driving the continuous improvement of our security posture. Key Responsibilities: ● Third-Party Risk Management (TPRM): ○ Conduct thorough due diligence and risk assessments of new and existing third-party vendors and partners. ○ Review vendor security documentation, questionnaires, and audit reports to identify and mitigate potential risks. ○ Collaborate with legal and procurement teams to ensure security requirements are integrated into vendor contracts. ● Technical Risk Assessments: ○ Perform comprehensive technical risk assessments of security tools and infrastructure, including SIEM (Security Information and Event Management) and SOC (Security Operations Center) processes. ○ Analyze security logs, alerts, and incident data to identify vulnerabilities and recommend remediation strategies. ○ Evaluate the effectiveness of security controls and provide recommendations for enhancement. ● IT General Controls (ITGC): ○ Assess and ensure the effectiveness of IT General Controls relevant to financial reporting and operational integrity. ○ Develop and implement ITGC frameworks and processes. ○ Support internal and external audits related to ITGC. ● Cloud Security: ○ Contribute to the design, implementation, and maintenance of secure cloud environments (e.g., AWS, Azure, GCP). ○ Assess cloud security configurations, identify misconfigurations, and recommend best practices. ○ Stay abreast of emerging cloud security threats and technologies. ● Regulatory Compliance: ○ Ensure adherence to information security guidelines and mandates from key regulators such as SEBI, NSE, BSE, CDSL, etc. ○ Translate regulatory requirements into actionable security controls and processes. ○ Assist in preparing for and responding to regulatory audits and inquiries. ● Information Security Management System (ISMS): ○ Support the implementation and maintenance of our ISO 27001 certified Information Security Management System (ISMS). ○ Participate in risk assessments, control selection, and internal audit activities related to ISO 27001. ○ Develop and update security policies, standards, and procedures in line with best practices. ● Project Management & Ownership Independence: ○ Lead and manage information security projects from inception to completion with minimal guidance. ○ Prioritize tasks, manage timelines, and communicate progress effectively to stakeholders. ○ Proactively identify security gaps, propose solutions, and drive their implementation. ○ Ability to work independently, take initiative, and deliver high-quality results in a fast-paced environment. ● General Information Security: ○ Assist in incident response planning and execution. ○ Conduct security awareness training. ○ Stay current with industry trends, threats, and security technologies. Qualifications: ● Bachelor's degree in Computer Science, Information Security, or a related field. ● 4-6 years of progressive experience in information security roles. ● Proven experience across multiple information security domains, including TPRM, technical risk assessments, cloud security, and regulatory compliance. ● Solid understanding of IT General Controls (ITGC). ● Demonstrable knowledge of regulatory requirements from bodies like SEBI, NSE, BSE, CDSL. ● Hands-on experience with ISO 27001 implementation and maintenance. ● Familiarity with SIEM/SOC operations and security monitoring tools. ● Excellent analytical, problem-solving, and decision-making skills. ● Strong written and verbal communication skills, with the ability to articulate complex security concepts to both technical and non-technical audiences. ● Ability to work independently, manage multiple priorities, and meet deadlines. Preferred Qualifications (Bonus Points): ● Relevant industry certifications (e.g., CISSP, CISM, CISA, CCSP certifications are a plus but not mandatory). ● Prior experience in the SEBI regulated sector.