Busybees logistics solutions Private limited
GRC Engineer - Information Security
Job Location
Bangalore, India
Job Description
Title: Engineer, Enterprise Information Security (EIS)
Role: Governance, Risk and Compliance

About the role:
In this role, you will be responsible for establishing and maintaining a security governance, risk and compliance program across the organization, aligned to industry standards such as ISO 27001, ISO 27017, ISO 27018, and ISO 27701.

Responsibilities:
You will be responsible for:
- Defining and maintaining information security policies, standards, procedures, processes and guidelines
- Establishing robust security controls to protect the firm and its stakeholders from security breaches / incidents
- Implementing and maintaining ISO standards such as ISO 27001, ISO 27002, ISO 27017, ISO 27018, ISO 27701
- Establishing information security risk management processes; identifying and managing information security risks
- Establishing cloud security controls
- Establishing KPIs, processes, tools and technologies for monitoring the performance of information security controls
- Conducting internal audits of the information security management system
- Managing external security audits and assessments such as ISO certification audits and client audits
- Responding to security requirements from RFPs (Requests for Proposal), and security assessment questionnaires from clients
- Ensuring compliance with clients' security requirements
- Establishing and maintaining a vendor cybersecurity risk management process; conducting cybersecurity assessments of vendors and partners
- Establishing and maintaining a security education and awareness program
- Providing strategic risk guidance for IT projects, including evaluation and recommendation of security controls
- Evaluating new cybersecurity threats and IT trends, and developing effective security controls

Skills that are key for this role:
- Excellent written and verbal communication skills, cross-cultural etiquette, and a customer-centric and collaborative mindset
- Experience in implementing ISO 27001 and ISO 27002
- Knowledge of ISO 27017, 27018, 27701
- Understanding of cloud computing technologies (preferably AWS)
- Knowledge of cloud security and privacy controls, and best practices such as CSA CCM
- Ability to partner with and support lines of business to understand security risks and implement security controls
- Experience in establishing a security risk management framework, and managing security risks
- Experience in establishing a vendor security risk management framework, and conducting security assessments of vendors
- Knowledge of the DevSecOps model and application lifecycle security best practices

Qualification:
- Bachelor's / master's degree in information technology or a related field
- 5 years of work experience in relevant information security domains
- ISO/IEC 27001:2013 Lead Auditor / Implementer certification
- At least one of the following security certifications: CISSP, CISA, CISM

Location: Bengaluru, Karnataka, India (ref:hirist.tech)
Location: Bangalore, IN
Posted Date: 11/23/2024
Contact Information
Contact: Human Resources, Busybees logistics solutions Private limited