Information Security Engineer

Position Name - Security & IT-GRC Analyst

Summary - Individual will primarily be responsible to research, evaluate, design, configure, implement, maintain and monitor the security systems and product solutions and triage security incidents related to such platforms. The role will also be responsible for general security administration duties including O365 Security, Security configuration management, Security Policy Management, continuous monitoring and improvement and cross-platform intelligence generation and reporting.

Details - The role will be responsible for designing, building, and monitoring core Cyber Security systems and capabilities and focusing on enhancements and fine-tuning areas. Qualified candidates will have proven technical expertise and extremely strong in Security principals, concepts and industry best practices. The position will Identify, respond, and mitigate cyber threats and risks attempting to compromise company systems and assets across the global landscape. This position will work with larger Cyber Security team to enforce and maintain security technologies across the global enterprise.

This position will enforce security controls and policies across the global workforce though Security tools and platforms, through network devices like firewalls , end point Security, Malware analysis platforms , Application security platforms , cloud security platforms, including monitoring platforms like SIEM based and XDR / SOAR platforms.

The Role also involves IT-GRC tasks and responsibilities. The resource will be responsible for administering, evaluating, implementing and monitoring the effectiveness of IT general and entity level controls, performing 9nternal Audits to identify gaps , performing risk assessments, evaluating BCP and performing annual table top bcp and incident response walkthroughs.

Note - The role will be a generally a split 50-50% between Security functions and IT-GRC Functions and may increase in one area to accommodate the workload as required. E.g. Increasing to 70% IT-GRC and 30%Security during preparation of External Audits and/or vice versa as applicable when Security needs attention due to an incident. Knowledge of Sentinel programming is a plus.

Position is based in Gurgaon Office, INDIA.

Security Responsibilities -

· Strong hands-on experience in security tools covering EDR,ITP, SAOR Fusion, API integrations etc. and continuously fine tune policies to improve overall proception capabilities and posture.

· Experienced in SIEM platforms, Elastic Security (ELK Stack), Microsoft Sentinel etc.,

· Good experience in working/communicating with cross-functional IT infrastructure teams like network, system, database, application, security to build and manage effective security operations.

· Exposure to using frameworks and compliances like MITRE ATT&CK. CIS Critical Controls, OWASP, SOC2, ISO 27001 etc.

· Ability to work with internal / external Audit teams and represent organizational responses

· Exposure to related areas of cybersecurity including Host Security, Network Security, IAM, Vulnerability Management, DLP, Penetration Testing, Compliance etc.

· Deep dive analysis of triggered alerts using various security solutions.

· Good understanding of various SOC processes like monitoring, analysis, playbooks, escalation, incident documentation, SLAs, client meetings, BCP, report creation and ability to explain.

· Perform root case analysis of incidents/breaches and maintain compliance to global data privacy laws like GDPR etc.

· Maintain up-to-date documentation of designs/configurations

Key IT- GRC Responsibilities:

· Risk Assessment and Management: Identify, assess, and prioritize IT-related risks, developing mitigation strategies.

· Compliance Management: Ensure adherence to relevant regulations, industry standards, and internal policies. E.g. GDPR, CCPA, ISO 270001, SOC2.

· Policy Development and Implementation: Create and maintain IT governance policies and procedures.

· Audit Management, tracking and Reporting: Conduct internal audits, document findings, and prepare reports for management and stakeholders.

· Collaboration: Work with IT, security, and other business teams to implement and maintain GRC programs.

· Staying Current: Keep abreast of evolving regulations, industry best practices, and emerging technologies, continuous controls evaluation, mapping to standards and improvement, evaluating existing IT general and entity level controls and improving them.

Skills and Qualifications:

· Technical Skills: Understanding of IT systems, networks, and security technologies.

· Analytical Skills: Ability to analyze data, identify trends, and make recommendations.

· Communication Skills: Ability to explain complex technical concepts to non-technical audiences.

· Problem-Solving Skills: Ability to identify and resolve issues related to compliance and risk.

· Certifications: CISA , CISM , CISSP , or other relevant certifications can be beneficial.

Soft & Analytical Skills

· Ability to fluently communicate in English with local and international users

· Ability to communicate effectively with peers and management

· Having the Ability to critically think and problem solve a given situation /challenge

· Ability to collaborate with peers and team members within and outside security function and the large organizational teams.

· Ability to logically reason out and question and improve posture and control positions

· Being proactive and self-driven

Experience / Certification / Licenses

· 5Years (Min) – 8 Years experience required,

· Bachelor's degree in computer science, information science or related field

.certification include (at least 1 min preferred): CISSP , CISM, CISA , CRISC , Security+, GIAC, GSEC, GCIA, GCFA, GCTI r similar equivalent certifications