Information Security Officer

Essential Responsibilities include (but are not limited to):

• Help to plan and carry out the organizations information security strategy. Prepare and execute actions based on an ISMS calendar.

• Develop a set of security standards, policies and best practices for the organization.

• Regularly monitor computer networks and systems for security issues, breaches, or intrusions.

• Conduct regular monitoring and review of the information security in engineering projects and all functions/departments.

• Responsible for vulnerability & risk assessment of all information assets.

• Work with the IT & security team to perform tests and uncover network vulnerabilities.

• Fix detected vulnerabilities to maintain a high-security standard.

• Develop company-wide best practices for IT security.

• Perform penetration testing, to find any information security weaknesses in the systems.

• Support IT team to install security measures and software to protect systems and information infrastructure, including firewalls and data encryption programs, results/logs of mobile code, malicious code, and anti-virus software, to notify any intrusions, and scan for irregular system behaviour.

• Support IT team to install required end-point security products and procedures on employees computers, projects & departments systems.

• Develop strategies to respond to and recover from any security breach.

• Investigate security breaches and other cybersecurity incidents and assess the extent of damage.

• Document security breaches and assess the damage they cause. Initiate incident response actions to minimize the impact.

• Stay up to date on information technology security trends, news, best practices and relevant security standards.

• Keep a watch on published and identified infosec threats and mitigations across the industry.

• Research security enhancements and make recommendations to management.

• Ensure required mitigation and preventive actions are taken to protect the company's information assets.

• Conduct periodic trainings, sessions, activities to increase employee awareness about maintaining information security.

• Increase the pool of internal auditors by identifying employees and training them as internal auditors.

• Conduct and participate in meetings of the various groups and forums such as EDRT, IRT, ISMF, etc.

• Review company contracts (MSA & NDA documents) with customers, vendors, contractors and other entities from a information security coverage perspective.

• Review and maintain the AIC and RART data of all departments and engg project groups.

• Ensure regular fire and evacuation drills are conducted to train the employees for actions during an emergency.

• Conduct call tree checks and scenario based table top exercises for reviewing preparedness for BCP / DR actions.

• Conduct periodic internal ISMS audits to review the effectiveness of information security in the organization.

• Consolidate and assess the results of all internal audits. Closure of non-conformities and required actions to strengthen the information security implementation of the organization.

• Liason, plan and proactively support the external auditors from ISMS certifying body in conducting the ISO 27001 surveillance and re-certification audits.

• Respond to customer's ISMS questionnaires in a timely and effective manner.

• Support the customer's ISMS auditors for conducting audits (if required).

• Ensure timely verification and closure of all audit findings (internal & external).

• Prepare reports of ISO activities and audits findings for informing the leadership team on quarterly basis.

• Initiate the Management Review meetings and present the status of information security to the leadership team to seek inputs and make recommendations for improvement.

• Maintain effectiveness of the ISMS with continual improvements.

Candidate must possess:

• Candidate should be based out of Pune location

• Bachelor's degree in computer science or related field - Strong knowledge of ISO 27001 standard and prior experience with ISO 27001

• Strong knowledge of Cybersecurity, information security

• Knowledge of risk assessment tools, technologies, and methods. Strong understanding of endpoint security solutions

• Knowledge of disaster recovery, system and network security scanning tools, technologies, and methods

• Understanding of firewalls, proxies, SIEM, DLP, antivirus, content filtering and IDPS concepts

• Understanding of patch management with the ability to deploy patches in a timely manner while understanding business impact

• Experience planning, and developing security policies, standards, and procedures.

• Ability to communicate handle security incidents.

• Good experience in planning and conducting ISMS internal audits

• Experience in liasoning with external auditors from certifying bodies

• Ability to conduct trainings on information security

• A team player who shall able to technically guide the team and also work independently as individual contributor