Information Security Specialist

Job Description :The Information Security Specialist is responsible for managing and enhancing the organization's cybersecurity posture. This role involves overseeing outsourced security projects, ensuring regulatory compliance, conducting risk assessments, and driving continuous improvement in security operations. The specialist will work closely with various teams to implement robust security measures and maintain a strong defense against cyber threats. Responsibilities :

• Manage outsourced cybersecurity projects, including Red Team exercises, cybersecurity drills, ASM tool implementations, continuous Red Team assessments, and Breach and Attack Simulation (BAS).
• Ensure timely execution and delivery of project milestones.
• Monitor and follow up on Vulnerability Assessment and Penetration Testing (VAPT) results.
• Ensure compliance with SEBI CSCRF requirements and prepare reports for the board committee.
• Implement automated CSCRF and testing/patch management tools.
• Revamp vendor management for information security policies and procedures.
• Conduct risk assessments and source code reviews.
• Classify applications based on criticality.
• Participate in operational improvements of the Security Operations Center.
• Implement and conduct IS audits and technical assessments.
• Report compliance to SEBI and the board.
• Stay updated on latest regulations and compliance requirements.
• Develop, implement, and monitor a strategic, comprehensive enterprise information security and cybersecurity risk management program.
• Develop, maintain, and publish up-to-date information security policies, standards, and guidelines.
• Perform information security/cybersecurity risk assessments and reporting.
• Implement an effective process for reporting security incidents.
• Run cybersecurity audits as per regulatory requirements.
• Review and analyze data leakage detections.
• Performing Application security assessments, Source code review and guidance on closing observations.
• Continuously assess current information security/cybersecurity practices and systems, identifying areas for improvement.
• Create and manage information security/cybersecurity awareness training programs for new joiners.
• Work with the compliance team to ensure security and privacy programs comply with SEBI and relevant laws, regulations, and policies.
• Periodically review domestic and global cyber-attacks and strengthen the cybersecurity and cyber resilience framework.
• Ensure regular reporting of cyber incidents from members and upgrade the knowledge base.
• Review, update, and provide recommendations on information security, cybersecurity policies, and standards.

Experience :

• 8+ years of experience in the field of information security and IT security.
• Excellent analytical skills.
• Executive-level written and verbal communication skills.
• Interpersonal and collaborative skills.
• Strong problem-solving and critical thinking skills.
• Ability to succeed in fast-paced, high-growth environments.
• Ability to remain calm and competent in high-pressure situations.
• Ability to manage multiple projects under strict timelines.
• High level of personal integrity and ability to handle confidential matters.
• Ability to communicate security and risk-related concepts to technical and non-technical audiences.
• B.E / BTECH
• CISSP/CISA/CISM/ISO27001 certifications.

)