Posted on: 19/11/2025
Description:
Key Responsibilities:
ISMS Implementation & Management:
- Lead the development, implementation, and continuous improvement of the Information Security Management System (ISMS) aligned with ISO 27001 standards.
- Maintain and update ISMS policies, procedures, guidelines, and controls.
- Ensure compliance with internal security requirements and applicable laws, regulations, and frameworks.
- Manage the Information Security Risk Register, identify vulnerabilities, and propose mitigation measures.
Risk Management & Compliance:
- Conduct regular information security risk assessments, internal audits, gap analyses, and readiness assessments.
- Monitor and ensure compliance with data protection laws such as the GDPR, the DPDP Act, HIPAA, or region-specific regulations, as applicable.
- Maintain compliance with industry standards and frameworks such as ISO 27001, SOC 2, NIST, PCI DSS, etc.
- Identify potential compliance issues and drive corrective and preventive actions (CAPA).
Audit & Governance:
- Plan, coordinate, and lead internal and external ISMS audits.
- Prepare audit documentation and ensure successful certification and surveillance audits.
- Work with third-party auditors and certification bodies.
- Develop governance dashboards and reports for senior leadership.
Security Controls & Technical Oversight:
- Collaborate with IT and security teams to implement, review, and maintain technical controls such as:
  - Access control and identity management
  - Network security and monitoring
  - Endpoint protection
  - Vulnerability scanning and patch management
  - Logging and SIEM solutions
  - Data loss prevention (DLP)
  - Encryption and key management
- Oversee security incident management and coordinate incident response activities.
Training, Awareness & Documentation:
- Develop and deliver security awareness programs and workshops for employees.
- Ensure proper documentation of processes, incidents, audit findings, and evidence for compliance.
- Promote a culture of security and compliance throughout the organization.
Vendor & Third-Party Risk Management:
- Conduct third-party vendor assessments and ensure compliance with security guidelines.
- Review vendor contracts and security clauses.
- Manage ongoing monitoring of external service providers and partners.
Required Skills & Qualifications:
Experience:
- 4-8 years of experience in Information Security, Risk Management, or Compliance roles.
- Hands-on experience implementing and managing an ISO 27001-based ISMS.
- Experience handling external audits, certification processes, and compliance assessments.
Posted in: CyberSecurity
Functional Area: Cyber Security
Job Code: 1577466