A leading information security firm in Pune is seeking an experienced professional to oversee information security strategy, including vulnerabilities and incident responses. The ideal candidate will possess a Bachelor's degree in Computer Science, strong knowledge of ISO 27001, and proven experience in information security, capable of conducting internal audits and training employees on security protocols. Competitive compensation is offered with significant responsibilities in a dynamic environment.
Essential Responsibilities include (but are not limited to):
Help to plan and carry out the organization's information security strategy. Prepare and execute actions based on an ISMS calendar.
Develop a set of security standards, policies and best practices for the organization.
Regularly monitor computer networks and systems for security issues, breaches, or intrusions.
Conduct regular monitoring and review of the information security in engineering projects and all functions/departments.
Responsible for vulnerability & risk assessment of all information assets.
Work with the IT & security team to perform tests and uncover network vulnerabilities.
Fix detected vulnerabilities to maintain a high-security standard.
Develop company-wide best practices for IT security.
Perform penetration testing to find any information security weaknesses in the systems.
Support the IT team to install security measures and software to protect systems and information infrastructure, including firewalls and data encryption programs, results/logs of mobile code, malicious code, and anti-virus software, to give notice of any intrusions, and scan for irregular system behaviour.
Support the IT team to install required end-point security products and procedures on employees' computers and on project and department systems.
Develop strategies to respond to and recover from any security breach.
Investigate security breaches and other cybersecurity incidents and assess the extent of damage.
Document security breaches and assess the damage they cause. Initiate incident response actions to minimize the impact.
Stay up to date on information technology security trends, news, best practices and relevant security standards.
Keep a watch on published and identified infosec threats and mitigations across the industry.
Research security enhancements and make recommendations to management.
Ensure required mitigation and preventive actions are taken to protect the company's information assets.
Conduct periodic trainings, sessions, and activities to increase employee awareness about maintaining information security.
Increase the pool of internal auditors by identifying employees and training them as internal auditors.
Conduct and participate in meetings of the various groups and forums such as EDRT, IRT, ISMF, etc.
Review company contracts (MSA & NDA documents) with customers, vendors, contractors and other entities from an information security coverage perspective.
Review and maintain the AIC and RART data of all departments and engineering project groups.
Ensure regular fire and evacuation drills are conducted to train the employees for actions during an emergency.
Conduct call tree checks and scenario-based tabletop exercises for reviewing preparedness for BCP / DR actions.
Conduct periodic internal ISMS audits to review the effectiveness of information security in the organization.
Consolidate and assess the results of all internal audits. Ensure closure of non-conformities and required actions to strengthen the information security implementation of the organization.
Liaise with, plan for and proactively support the external auditors from the ISMS certifying body in conducting the ISO 27001 surveillance and re-certification audits.
Respond to customer's ISMS questionnaires in a timely and effective manner.
Support the customer's ISMS auditors for conducting audits (if required).
Ensure timely verification and closure of all audit findings (internal & external).
Prepare reports of ISO activities and audit findings for informing the leadership team on a quarterly basis.
Initiate the Management Review meetings and present the status of information security to the leadership team to seek inputs and make recommendations for improvement.
Maintain effectiveness of the ISMS with continual improvements.
Candidate must possess:
Candidate should be based out of Pune location
Bachelor's degree in computer science or related field
Strong knowledge of ISO 27001 standard and prior experience with ISO 27001
Strong knowledge of Cybersecurity, information security
Knowledge of risk assessment tools, technologies, and methods
Strong understanding of endpoint security solutions
Knowledge of disaster recovery, system and network security scanning tools, technologies, and methods
Understanding of firewalls, proxies, SIEM, DLP, antivirus, content filtering and IDPS concepts
Understanding of patch management with the ability to deploy patches in a timely manner while understanding business impact
Experience planning and developing security policies, standards, and procedures.
Ability to communicate and handle security incidents.
Good experience in planning and conducting ISMS internal audits
Experience in liaising with external auditors from certifying bodies
Ability to conduct trainings on information security
A team player who shall be able to technically guide the team and also work independently as an individual contributor