
Job Location - Goregaon office - R tech.
Experience - 10 - 16 Years
Role & responsibilities:
To handle technical information security aspects of (NBFC) including handling information security tools, application security testing, infrastructure security testing, technical security compliance and cloud security controls. The role defines, implements and monitors security controls for IT assets of the organization.
- Third-party Risk Management: Review the risk assessments of third-party vendors, ensuring compliance with security standards and mitigating potential threats.
- Application Security testing: Review of technical assessments (code review, application security & vulnerability assessment) of partner & internal infrastructure.
- Data Security: Review of the Access controls, Encryption, and Data Loss Prevention (DLP) controls to safeguard confidential data. Review of the security controls implemented for cloud environments and services.
- Internal & External Regulatory Audits & Compliance: Lead internal and external regulatory audits to assess the effectiveness of security controls, vulnerability assessments, ensuring compliance with relevant standards and regulations. Organize Information Security Committee (ISC) meetings with Senior Management.
- Information Security Awareness & Emergency Response: Ensure Information Security awareness for all employees and vendor staff. Conduct tabletop exercises to discuss various business disruption scenarios for Senior Management.
- Security Operations Centre (SOC) monitoring: Monitoring & closure of the security alerts observed by the centralized SOC & vulnerabilities observed in the infrastructure & networks. Brand protection & Dark web alerts monitoring & closure.
- Security tools implementation & monitoring: Security Architecture review, Network review, Implementation, monitoring & support of various security tools (PAM, Guardicore, DAM, DLP, EDR, VAPT etc.) as per the organizational requirements.
Requirements:
- Master's or bachelor's degree in Information Technology / Information Security / Computer Science, or a related field.
- 10 years of proven experience in Information Security, specifically in vendor risk assessments, cloud security, compliance, and business continuity.
- Experience with security auditing, policy development, and emergency response protocols.
- Hands-on experience in cloud security management (e.g., AWS, Azure).
- Familiarity with Business Continuity and Disaster Recovery planning.
- Strong problem-solving skills and attention to detail.
- Excellent communication skills and the ability to collaborate with stakeholders at all levels.
Preferred Qualifications:
- Certifications such as CISSP, CISM, ISO 27001 LA, ISO 22301 LA.
- Technically hands-on person who has worked on AWS, Azure, or OCI cloud security.
- Experience in a fast-paced or enterprise-level organization.
- Proficiency in risk management frameworks.