Job Title: Lead Information Security Analyst
Business Unit Overview:
Within the Global Information Security organization, the Security Risk and Control (SRC) function provides a structured framework for managing security across the organisation, aligning security efforts with business objectives, and ensuring compliance with regulatory requirements. Effective Security Risk and Control framework establishes policies, oversight of risk management and ensures adherence to relevant laws and industry standards.
Position Specifications:
Corporate Title |
Associate |
Functional Title |
Lead Information Security Analyst |
Experience |
7 to 9 years |
Qualification |
Bachelor’s degree in engineering (Computer / Telecommunication), Computer Science / Information Technology or equivalent |
Requisition No. |
|
Job Summary:
We are seeking an experienced Information Security professional to join the Security Risk and Control team. The ideal candidate will have a strong background in risk management, regulatory change management, compliance, and audit management. This role requires a combination of technical expertise, excellent communication skills, and a thorough understanding of information security principles.
Role & Responsibilities:
Regulatory Management
- Monitor and interpret regulatory changes affecting information security
- Ensure compliance with relevant laws and regulations
- Regulatory Change Management
Audit Management
- Coordinate and manage audit exercises conducted by internal and external auditors, regulators, or external assessors
- Liaise with various Information Security teams to prepare audit documentation and evidence
- Liaise with the various Information Security Leads to address audit findings and tracking corrective actions for audit closure
Risk Management
- Conduct comprehensive risk assessments to identify potential operational, financial, strategic and compliance risks
- Analyse risk trends and emerging threats to provide insights for risk mitigation strategies
- Work with cross-functional teams to ensure proper controls are in place to reduce risk exposure.
Requirements – Skills, Experience, and Certifications:
Technical Skills
- Knowledge of regulatory frameworks and requirements (e.g., SEBI, RBI, MAS) and experience with regulatory compliance
- Familiarity with security standards (e.g., CRI, ISO 27001, NIST)
- In-depth understanding of information security principles and practices
- Knowledge of current cyber threats and mitigation strategies
Soft Skills
- Excellent communication and interpersonal skills
- Strong analytical and problem-solving abilities
- Ability to work independently and as part of a team
- Detail-oriented with strong organizational skills
- Ability to manage multiple tasks and projects simultaneously
Experience
- 7-9 years of experience in information security, with a focus on risk management, regulatory change management, compliance, and audit management
- Proven track record of managing and mitigating information security risks
Certifications
- Information Security related professional certifications (e.g., Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), etc.)