Zupee - Information Security Specialist

Key Responsibilities:

- Define, implement and maintain the Information Security Management System (ISMS) and Privacy Standards in compliance with frameworks, standards and regulations such as ISO 27001, Service Organization Controls (SOC), General Data Protection Regulation (GDPR), NIST

- Develop and maintain the controls that act as a single repository of controls to operate in order to align with the organization information, security policies, industry standards and regulations applicable to the Company and its Customers

- Plan and execute periodic risk assessment based on ISO 27001 and 31000 based Risk Assessment and Management Methodology

- Maintain SOC 1 & 2 Compliance, monitor and report effectiveness

- Define, Review and Maintain the organizational information security policies, process, procedures and control framework in line with ISO 27001:2013 standard and best practice to ensure it is adequate to address the emerging risks due to changing environment and technology

- Align customers and internal information security objectives to the ISMS and Privacy Standard

- Work with all internal stakeholders for implementing controls for respective functions and ensuring the continuous operating effectiveness of the controls

- Assess and review the contracts/agreements of customers and vendors for information security related clauses/requirements

- Liaise with security vendors, suppliers, service providers and external resources for new security tools for improving security

- Lead the information Security Audits/Assessments/Remediation of third party vendors/suppliers and present key risks to the management

- Conduct Information Security Awareness and Training programs for employees as a part of their induction and regular awareness

- Oversee information security incident management process for incident reporting, containment, resolution and root cause analysis

- Plan and Co-ordinate BCP and DR tests

- Conduct periodic information security review meetings

- Work with teams on technical implementation and preferably be able to perform hands-on system related technical tasks as and when required (preferable past experience in IT, AWS and Security Administration Experience)

Desired Profile:

- Minimum 10 years of relevant experience

- BE/B.Tech/BSC Computer Science with active CISSP/CISA

Expertise/Experience

- ISO27001, SOC and 31000 based Risk Assessment and Management Methodology

- Implementation of ISO 27001, SSAE16/SOC, NIST Requirements

Privacy Regulations

- Information Security Support in a customer facing environment

- Managing ISMS and compliance to Privacy Regulations

- Security Incident Management, BCP DR Planning and Co-ordination

- Client and Vendor Security Management Practices

Performing and facing audits

- Experience in action plan designs for control weaknesses

- Experience of implementing/auditing cloud security controls

The role reports to Head Risk Management, Internal Audit, Ethics & Integrity

Organization Skills:

- Self-Driven and Initiator

- Ability to multi-task effectively and work under pressure

- Task Finisher