Security Engineer - II

Role : Security Engineer - II (GRC)

Key Responsibilities

• Creating, updating, and maintaining organization information security policies, and procedures.
• Working with various departments to promote a culture of security awareness and assist in driving the information security training & awareness program.
• Assist in conducting the various simulations and campaigns for awareness and maintain measure the effectiveness.
• Assist in Information security projects implementation as per the projects assigned.
• Identifying & analysing the risks in accordance with the organization policies and process. Maintain and update of the information risk register for monitoring and tracking the risk treatment plans.
• Be an enabler and support business and corporate functions in implementing the risk mitigation plans and audit observations.
• Working closely with IT and other business function for IS assessments and various risk review activities.
• Track, monitor and report the status of the information security exceptions identified and notified to CISO function.
• Assist in various internal and external audits and maintaining security compliance in accordance with PCI-DSS, ISO 27001:2022, NIST CSF, Privacy Framework and other regulatory audits as per the organization requirements.
• Monitor and maintain the KPI matrix and thresholds for the defined security controls for CISO function and management reporting.
• Working closely with Tech/IT and other business function for IS assessments and various risk review activities.
• Keeping abreast of evolving regulatory requirements, industry best practices, and emerging security threats.

CTQ:

• 6-7 years of experience in IT and IS audits and compliance frameworks such as ITIL, ISO 27001:2022, PCI-DSS, NIST CSF, SOC 2 TYPE II. Preferable ISO27001:2022 certified.
• Bachelor’s degree in Computer Science or Computing related discipline.
• Have worked on ISMS policy & procedure and its implementation.
• Have worked in product/technology organizations. Preferable e-commerce industry.
• Knowledge of Risk assessments frameworks.
• Having good documentation skills.
• Are willing to learn from everyone, communicate well, and strive to be an effective team member.
• Analytical skills, result oriented with go-getter attitude.
• Stakeholder management across business unit for the functional requirement.