Job Title: Information Security and Compliance Analyst
Education: Any Degree
Location: Mumbai
Experience: 0-1 year
Key Skills: ISMS, PIMS, CISA, ISO 27001:2022 LI/LA, ISO 27701:2019 LI/LA and PCI DSS
The Information Security and Compliance Associate reports to the Sr. Director of Information Security. The position's core responsibilities are to assist in technical information security assessments and reporting, using the ServiceNow Governance, Risk and Compliance module, against defined standards and controls. The role also assists in risk assessment through the Information Security Management System and the related ISO control framework, and is responsible for periodic compliance checks and reports.
Required Skills:
Technical Compliance review:
Conduct periodic compliance checks, and record and update tickets following defined policy and procedures.
Perform health checks on security applications on a daily basis and regularly review events reported by the various security tools.
Assist in dashboard creation and reporting on various elements of cybersecurity and compliance.
Assist in periodic review and reporting of vulnerability management, DLP, endpoint protection and SIEM.
Proactively review and update security/normal incidents and tickets on a daily basis.
Conduct periodic assessments based on the defined information system controls in ServiceNow GRC and update the result/status.
Perform the periodic review of IT/FM/HR/Business Operations according to Datavail policy and procedures.
Assist in global internal audits based on defined information system and privacy controls (ISO 27001 and ISO 27701), with various departments at a defined frequency.
Document audit results in ServiceNow GRC and act as the point of contact for audit responsibilities.
Participate in risk assessment exercises based on the defined calendar.
Assist in vendor risk assessment using the defined module in ServiceNow at a defined frequency.
Proactively identify opportunities to improve the quality of reporting and usability of the available information.
Provide reporting and metrics to the Information Security team on a defined frequency to show results of the above activities.
Skills and Experience:
Fresher, or work experience in information security audit and compliance.
Technical ability to understand various IT and security management systems.
Knowledge of information security and cyber security "best practices," such as ISO 27001/27002, ISO 27701, PCI-DSS, NIST, Data Protection and Privacy.
The successful candidate will possess the following attributes:
Interpersonal skills – ability to build strong relationships with internal team members and to work across the organization to achieve results.
Professional communication skills – ability to work effectively with mid- and senior-level contacts face to face, electronically and over the phone.
Integrity – words and actions are always consistent, and behavior is always in accordance with the highest ethical standards.
Technical acumen – Ability to grasp technical concepts and establish credibility with technical contacts.
Strong learning ability
Process orientation – Ability to recognize process deficiencies and implement improvements.
Qualifications:
Graduate in Computer Science or equivalent, and/or a security certification or knowledge of leading audit and security standards such as CISA / ISO 27001 LI/LA / ISO 27701 LI.