Responsibilities:

This broadly includes:

Perform internal Information Security Audit activities in the area of ITGC, ISO 27001 and Physical Security across different functions and processes across the company.
Ensure all CIO verticals are compliant with ISMS and other industry standards
Alignment with Client initiated, Internal, Statutory and other audit compliance requirements
Coordinate with various CIO departments to facilitate audits and timely closure of observations
Meeting all defined targets, maintenance of requisite trackers
Monitoring and ensuring quality of audit artefacts generated by information assets and Technology departments
Preparation and submission of periodic reports to CIO and other stakeholders
Understanding of company policies and procedure
Identify gaps and recommend controls to mitigate the same
Ensure ISMS Policies, Standards, Procedures are current and teams comply to the same
Identify and prioritize information security related risks through proactive risk assessments
Assess risks from emerging technologies and design adequate controls and processes
Study & recommend industry best practices, latest trends for continuous improvement of information security

Skills Required:

Excellent exposure towards planning and conducting Information Security Audits
Knowledge and practical application experience of information security 'best practices,' such as ISO 27001/27002, PCI DSS, SOC I Type II
In-depth knowledge of security systems and applications and a strong foundation in core area of security (e.g. OS hardening, DB hardening, Active Directory, Firewalls, IDS, IPS, Router, SIEM, DLP, network and perimeter defense) is preferred
Understanding of organization structure, and ability to work effectively with internal support functions and operational areas
Strong written, communication and presentation skills
Attitude to learning and development, a record of continuous professional development

Lead/Senior Analyst