Information Security & Privacy Analyst/ Lead
The individual will focus primarily on the Information Security and Privacy practices within the organization. This work must be aligned with the Information Security requirements arising from business needs, customer requirements, regulations and certifications such as ISO 27001, SOC 2, HIPAA and other compliance programs.
He/she needs to collaborate and work effectively with cross-functional stakeholders across the organization on risk assessments, control and process design and implementation, monitoring, security awareness, etc.
He/she should have an understanding of information security principles and practices, privacy concepts and risks to information or data, and be able to suggest appropriate mitigating controls. He/she should understand the IT processes, systems and applications within the organization and the controls implemented to protect those systems against incidents, breaches or outages. He/she would work with the respective teams to analyze security incidents, review RCAs and suggest steps to improve the controls.
- Document and review Information Security and Privacy policies and procedures, processes and FAQs
- Respond to customer risk or due diligence questionnaires
- Work with IT team on implementation and review of technical controls
- Work with business units for assessing information security needs, risks and awareness
- Perform Security Risk assessments and recommend mitigation steps
- Perform Privacy assessments as part of GDPR, EU Data Protection, HIPAA, GLBA etc.
- Execute Data Privacy projects that cover subject matter and geographic scope, processing activities, third-party involvement, and potential data uses
- Participate in customer or external security audits
- Perform Vendor or Third Party Assessment audits
- Manage Business Continuity program and oversee the Disaster Recovery tests
- Perform ad hoc/periodic reviews to assess the effectiveness of existing controls
- Plan and manage the access review programs for the organization including logical and physical accesses
- Understand and manage vulnerability advisory mitigation across the organization
- Handle information security incidents including any data breaches
- Develop and deploy Security awareness and training programs
- Understand the latest technology and trends in Security space
Education & Experience
- Bachelor's degree in Engineering or IT; BTech, BE, MCA, MS IT
- Experience of 3-7 years in Information Security, Audit, BCP-DR, Privacy, Compliance or Risk areas
- Good knowledge of Information Security and Privacy concepts and domains
- Working knowledge of industry best practices and regulations such as ISO 27001, HIPAA, SOC, NIST, COBIT, FISMA, PCI DSS, ISO 20000, ITIL, etc.
- Fair knowledge of IT infrastructure such as networks, firewalls, IDS/IPS, storage, servers, cloud architecture, end-user computing, security testing, etc.
- Fair understanding or experience in IT Operational and Support processes including Cloud Operations
- Fair understanding of Software Development Lifecycle processes
- Self-starter with good problem-solving, critical thinking and conflict management skills
- Attention to detail with follow-up and follow-through abilities
- Able to multi-task and prioritize between issues, needs and requirements
- Good written and verbal communication skills
- Can work with diverse groups of people
- Possess security certifications such as ISO 27001, CEH, CISM, CISSP, CISA, CIPP, DCPP
- Good working knowledge of MS Office Suite applications