Cyber Security Engineer

Role Overview

We are looking for a motivated Cyber Security Engineer with 2+ years of experience to support our organization’s security, risk, and compliance initiatives. This role involves hands-on participation in audits, risk assessments, and security operations, along with ensuring adherence to regulatory and industry standards.

Key Responsibilities

• Assist in planning and conducting internal audits to evaluate internal controls, risk management practices, and regulatory compliance
• Draft, review, and maintain organizational policies and procedures
• Support implementation and compliance with standards such as ISO, SOC 2, and RBI regulatory requirements
• Perform vendor risk assessments, including evaluation of third-party controls and compliance posture
• Review NDAs, SLAs, and vendor agreements from a risk and control perspective
• Maintain and update the risk register, including risk identification, assessment, and mitigation tracking
• Conduct periodic risk assessments and monitor remediation efforts
• Perform user access reviews, reconciliation, and resolve discrepancies
• Maintain access control metrics and assist in creating dashboards for reporting
• Support review of IT General Controls (ITGC), including logical access, data center operations, and network security
• Assist in coordinating Vulnerability Assessment and Penetration Testing (VAPT) activities
• IP and port scanning Internal network assessments
• Web application testing
• Work with internal teams to gather audit evidence, document findings, and track action items to closure

.

Required Skills & Qualifications

• 2+ years of experience in Cyber Security, IT Audit, Risk, or Compliance roles
• Basic to intermediate knowledge of ISO, SOC 2, and RBI regulatory frameworks
• Understanding of risk management concepts and internal control frameworks
• Experience in vendor risk assessments or third-party risk management is preferres
• Familiarity with reviewing contracts such as NDAs and SLAs from a risk perspective
• Knowledge of ITGC, access control processes, and security governance basics
• Exposure to VAPT processes and common security testing tools
• Strong analytical, documentation, and problem-solving skills
• Good communication skills and ability to collaborate with cross-functional teams

Preferred Qualifications

• Certifications such as ISO 27001 (Foundation/Lead Auditor), CISA (pursuing/cleared)
• Experience in fintech, banking, or other regulated environments
• Familiarity with GRC tools or risk management platforms