The Security Analyst / Security Engineer will be responsible for defining, implementing, and managing the organizations enterprise information security vision, strategy, and programs to ensure that information assets and technology systems are adequately protected.

The role will work closely with the CISO, VP, senior leadership, and business units to drive risk assessment, risk management, compliance, and incident response initiatives. The incumbent will oversee the Audit, development and enforcement of security policies, standards, and procedures, while fostering a strong security-first culture across the organization.

Key Responsibilities :

Security Strategy & Governance :

- Develop, implement, and continuously enhance a comprehensive information security strategy aligned with business objectives.

- Establish security governance frameworks, standards, and operating models.

- Foster a security-first mindset across the organization through leadership and advocacy.

Risk Management :

- Identify, assess, and mitigate cybersecurity and information security risks.

- Facilitate enterprise-wide risk assessments and ensure timely risk remediation.

- Work with business and IT teams to embed security controls into systems and processes.

- Should have knowledge for implement TPRM.

Policy & Standards Development :

- Develop, implement, and enforce security policies, standards, and guidelines.

- Ensure policies are aligned with regulatory, legal, and industry best practices.

Incident Response & Threat Management :

- Lead incident response planning, execution, and post-incident analysis.

- Oversee investigations of security breaches, including coordination on disciplinary and legal matters.

- Ensure readiness through tabletop exercises and incident simulations.

Compliance & Regulatory Management :

- Ensure compliance with applicable laws, regulations, and industry standards.

- Support internal and external audits and regulatory reviews.

- Coordinate remediation of audit findings and control gaps.

- Having knowledge of Cyber CSCRF, DPDP & Digital Accessibility framework

Security Operations Centre (SOC) :

- Establish and operationalize a Security Operations Centre (SOC).

- Oversee monitoring, detection, and response to security incidents.

- Define SOC processes, metrics, and escalation mechanisms.

Security Awareness & Training :

- Design and lead security awareness and training programs for employees.

- Promote best practices related to data protection, phishing prevention, and cyber hygiene.

Team Leadership & Stakeholder Management :

- Manage, mentor, and develop a team of security professionals.

- Collaborate with IT, business units, vendors, and senior leadership.

- Provide regular security posture and risk reports to senior management and leadership forums.

Measurement & Continuous Improvement :

- Define KPIs and metrics to measure the effectiveness of cybersecurity controls.

- Continuously assess and improve security tools, processes, and frameworks.

Technical & Functional Skills :

- Strong understanding of information security frameworks and best practices.

- Hands-on or oversight experience in :

a. Malware analysis

b. Data analysis

c. Cloud security

d. Ethical hacking / penetration testing

e. Vulnerability assessment

- Experience with security monitoring, incident handling, and threat intelligence.

- Ability to bridge technical and non-technical discussions effectively.

Qualifications :

Education :

- Bachelors degree in Computer Science, Information Technology, or a related field.

- Masters degree is preferred.

Experience :

- Extensive experience in information security, including :

a. Risk management

b. Compliance & governance

c. Incident response

d. Security operations

e. TPRM Vendor management

Certifications (Highly Desirable) :

- CISSP

- CISM

- CISA

- Other relevant cybersecurity certifications