Lead Engineer

Acuity Knowledge Partners

Acuity Knowledge Partners (Acuity) is a leading provider of bespoke research, analytics and technology solutions to the financial services sector, including asset managers, corporate and investment banks, private equity and venture capital firms, hedge funds and consulting firms. Its global network of over 6,000 analysts and industry experts, combined with proprietary technology, supports more than 500 financial institutions and consulting companies to operate more efficiently and unlock their human capital, driving revenue higher and transforming operations. Acuity is headquartered in London and operates from 10 locations worldwide.

The company fosters a diverse, equitable and inclusive work environment, nurturing talent, regardless of race, gender, ethnicity or sexual orientation.

Acuity was established as a separate business from Moody's Corporation in 2019, following its acquisition by Equistone Partners Europe (Equistone). In January 2023, funds advised by global private equity firm Permira acquired a majority stake in the business from Equistone, which remains invested as a minority shareholder.

For more information, visit

Basic Information

Position Title - Lead Engineer, Information Security

Experience Level - 2 to 3 years

Department - Information Security

Location - Gurgaon

Position reports to - Director

Shift Timings - Gurgaon (Support Beijing), Work Shift 8:30am IST to 5:30pm IST

Job Purpose

By working with global clients, Acuity Knowledge Partners provides its employees the opportunity to gain valuable experience and to benchmark themselves against some of the finest institutions in the world. We have a strong performance-driven culture, one that is entrepreneurial and fun to be part of.

Key Responsibilities

• This is a challenging position within the Acuity Information Security team, reporting up to Director, CISO.
• Responsible to Run and maintain of ISO27001, conduct Internal Audit, Information security risk management, Cyber Security, BCMS and SOC 2 framework implementation and maintenance along with other relevant guidelines and regulations for the organization. Provide an oversight and enforce Information Security controls to ensure information security Compliance & Assurance.
• The candidate is very motivated and willing to take on challenges, able to multitask to succeed, and has the ability to work independently with minimal oversight.

Key Competencies

• Work with functional groups (HR, Compliance, IT & facilities, Client Accounts) in the validation of organizational security and maintain a process to ensure maintenance of organization's ISO27001 certification along with risk management framework and BCMS requirements.
• Conduct periodic internal ISMS audits and risk assessments to assess the adequacy of the security controls and provide recommendations.
• Facilitate external audits for different industry certifications e.g. ISO 27001, SOC2 audits, client audits.
• Ensure coordination with IT team for implementing best industry practice for network, Cloud and Cyber security.
• Work closely with other support function to implement best security controls w.r.t. cyber/cloud and data security.
• Identify and implement corrective action plan to address external / internal audit findings and updating statement of applicability.
• Documentation of Security Policies, Standards, Guidelines & Standard Operating Procedures.
• Coordinate with multiple teams for management and investigation of security incidents and perform root cause analysis.
• Conduct periodic Security Awareness Training programs.
• Develop, test and maintain business continuity and Disaster Recovery plans.
• Ensure compliance to Regulatory compliance requirements applicable to the organization. In- depth knowledge of Information Security risk and industry best practices. Assists departments to ensure regulatory compliance in areas such as ISO: 27001, SOC II, GDPR and so on.
• Coordinate with functional support groups and operational groups for generation of security metrics to track compliance.
• Perform vendor risk assessments, maintain the process in the GRC tool.
• Serve as a SME on cloud cyber risk for leading cloud platforms AWS, Azure/ office 365.1.
• Lead cybersecurity controls testing across On-prem & Cloud Environment to determine control effectiveness and adherence to both internal cybersecurity policies and external requirements e.g. Industry Certifications, Laws, Regulations and Contracts.
• Develop and lead cyber risk Initiative as part of cloud transformation projects on AWS\Azure cloud services.
• Design and develop cloud platform-specific security policies, standards, and procedures for management group and account/subscription management and configuration e.g. azure policy, azure security center, AWS Infra Security, IAM control, firewall management, auditing and monitoring, DLP, security incident and event management, data protection, SSO and conditional access controls.
• Ensure RFP responses and helping delivery team to meet contractual security requirements.
• Bachelor's Degree in Engineering or Equivalent area of study
• Relevant certifications such having CISSP, CISA, CISM, CCSP is an advantage, ISO 27001 LA/LI preferred.
• Minimum 2 or 3 years' of experience in Information Security, Risk Management and Business Continuity management in a corporate environment.
• Excellent understanding of ISO27001, ISO 31000, InfoSec Risk Management, Cyber Security, BCMS and SOC 2 framework along with controls used for securing a business' computer networks and digital information.
• Knowledge of cyber security frameworks
• Working experience of best industry practices of Vulnerability management; Cloud Security; Cyber Security and network security.
• Ability to identify, observe and analyze potential information security risks and develop strategies for preventing threats and quickly addressing breaches
• Good understanding with regulatory compliance requirements such as SOX, PCI-DSS, HIPPA; DPA 2018 / GDPR compliance etc.
• Understanding of IT/Cyber security concepts i.e. IDAM; Active Directory; Firewall; IDS/IPS; Email Security; DLP; Cryptography; Vulnerability management; etc.
• Demonstrated capability for high ownership, hands-on, capable to deliver by self.
• Worked on controls based on ITIL, ISO 20000, ISO 27001, ISO 31000, PCI DSS, CSA, CIS, NIST, GDPR and relevant standards.
• Work shift may require to extend occasionally.