Information Security Officer

Close date:
Wednesday, 30 July 2025

Working pattern:
Full time

Contract Type:
Permanent

**Location**:
Gurgaon (SEZ1)

Department:
13 - 13 Security

Description & Requirements:
**Bravura’s Commitment and Mission**
- At Bravura Solutions, collaboration, diversity and excellence matter. We value your ideas, giving you room to be curious and innovate in an exciting, fast-paced, and flexible environment. We look for many different skills and abilities, as well as how you can add value to Bravura and our culture.
- As a Global FinTech market leader and ASX listed company, Bravura is a trusted partner to over 350 leading financial services clients, delivering wealth management technology and products. We invest significantly in our technology hubs and innovation labs, which inspire and drive our creative, future-focused mindset. We take pride in developing cutting-edge, digital first technology solutions that support our clients to achieve financial security and prosperity for their customers.

**About The Team/Project**

The Information Security Officer is responsible for supporting the implementation and operation of the organisation's Information Security Management System (ISMS) within their region. This role will support security risk management, policy compliance, audits (internal, external and client), training and awareness, supply chain risk, and support security operations in incident management.
- As a Managed Service Provider (MSP) and data processor for clients, the analysts will enable security controls aligning with client contractual obligations, regulatory requirements, and industry best practices. The analyst will work closely with global security leadership, regional stakeholders and clients to address both internal and client-specific security challenges

**What You’ll Do**

**The position is within the Information Security team. Main activities will include but are not limited to**:
**Internal Audit & Assurance**:

- Support the implementation and operations of the ISMS within the region.
- Support alignment with global security policies and regulatory requirements including ISO27001, SOC2 type II and PCI-DSS.Support continuous assessment and improvement of security controls and processes.**Information Security Risk Management**
- Support, identify, assess, and mitigate security risks.
- Maintain the risk register and track remediation activities.Provide risk-based guidance to business units, IT teams, and client-facing operations.**Information Security Policy & Standards**
- Ensure compliance with corporate security policies, frameworks, and client-specific security mandates.
- Develop and enforce security standards and client requirements.
- Input into periodic reviews and updates to security policies to align with evolving requirements.

**Information Security Audit & Compliance**
- Support internal and external security audits, ensuring timely remediation of findings.
- Provide security assurance to clients by responding to security questionnaires and participating in client audits.
- Coordinate with service delivery teams to meet client-specific obligations.Monitor and report on security posture, client security commitments, and compliance status.**Information Security Training & Awareness**
- Support the delivery of security awareness programs
- Support phishing exercises and other training initiatives to enhance security culture.
- Collaborate with HR and other departments to ensure security education is embedded in employee onboarding and ongoing training.

**Supply Chain Risk Management**
- Support the assessment and management of security risks associated with third-party vendors and suppliers.
- Support security requirements are included in vendor contracts and SLAs.
- Enable regular security assessments of critical suppliers, considering the impact on client services.

**Security Operations & Incident Management Support**
- Assist in managing and responding to security incidents within the region, to ensure rapid containment and remediation.
- Work with the Security Operations team to protect both internal and client environments.
- Support post-incident reviews and contribute to continuous improvement in incident handling, including lessons learned for client operations.

**Qualifications and Experience**
- Bachelor’s degree in Information Security, Computer Science, or related field (or equivalent experience).
- 3+ years of experience in an information security role, preferably with regional oversight in an MSP or data processing environment.
- Good understanding of ISO27001, NIST, GDPR, and other security and data protection frameworks.
- Experience in security risk management, audits, compliance, and client security assurance.
- Knowledge of security operations, incident response, and managed security services.
- Familiarity with supply chain security and third-party risk management.
- Good communication and stakeholder management skills, with experience working with clients