Senior Security Engineer

Role : Security Engineer - II (GRC)

Key Responsibilities Creating, updating, and maintaining organization information security policies, and procedures. Working with various departments to promote a culture of security awareness and assist in driving the information security training & awareness program. Assist in conducting the various simulations and campaigns for awareness and maintain measure the effectiveness. Assist in Information security projects implementation as per the projects assigned. Identifying & analysing the risks in accordance with the organization policies and process. Maintain and update of the information risk register for monitoring and tracking the risk treatment plans. Be an enabler and support business and corporate functions in implementing the risk mitigation plans and audit observations. Working closely with IT and other business function for IS assessments and various risk review activities. Track, monitor and report the status of the information security exceptions identified and notified to CISO function. Assist in various internal and external audits and maintaining security compliance in accordance with PCI-DSS, ISO 27001:2022, NIST CSF, Privacy Framework and other regulatory audits as per the organization requirements. Monitor and maintain the KPI matrix and thresholds for the defined security controls for CISO function and management reporting. Working closely with Tech/IT and other business function for IS assessments and various risk review activities. Keeping abreast of evolving regulatory requirements, industry best practices, and emerging security threats.

CTQ: 6-7 years of experience in IT and IS audits and compliance frameworks such as ITIL, ISO 27001:2022, PCI-DSS, NIST CSF, SOC 2 TYPE II. Preferable ISO27001:2022 certified. Bachelor’s degree in Computer Science or Computing related discipline. Have worked on ISMS policy & procedure and its implementation. Have worked in product/technology organizations. Preferable e-commerce industry. Knowledge of Risk assessments frameworks. Having good documentation skills. Are willing to learn from everyone, communicate well, and strive to be an effective team member. Analytical skills, result oriented with go-getter attitude. Stakeholder management across business unit for the functional requirement.