The Information Security role is responsible for managing and executing information security initiatives and projects across MHIL.

The position ensures that newly introduced IT projects and existing infrastructure comply with organizational security standards through comprehensive technical security assessments and risk management practices.

The role provides hands-on expertise in vulnerability management, application and infrastructure security, and incident response.

Key Roles & Responsibilities :

Information Security & Risk Management :

- Lead and manage Information Security projects across MHIL.

- Perform Technical Risk Assessments for new and existing IT systems and applications.

- Conduct security assessments for newly onboarded IT projects to ensure compliance with security policies and standards.

- Identify, analyze, and mitigate technical security risks across the organization.

Vulnerability & Threat Management :

- Plan and manage Vulnerability Assessment and Penetration Testing (VAPT) activities, including coordination with internal teams and external vendors.

- Track, analyze, and ensure remediation of vulnerabilities identified during assessments.

- Perform configuration reviews and security hardening of systems, applications, databases, and network devices.

Endpoint & Infrastructure Security :

- Manage Anti-Virus (AV) and Endpoint Detection & Response (EDR) solutions, including deployment, monitoring, and policy enforcement.

- Oversee Infrastructure Security covering servers, networks, operating systems, and cloud environments (if applicable).

- Implement and monitor Patch Management processes to ensure timely remediation of security vulnerabilities.

Application Security :

- Conduct Application Security assessments, including secure code review (as applicable) and application vulnerability testing.

- Work closely with development and project teams to integrate security controls into the application lifecycle (SDLC).

Security Monitoring & Incident Response :

- Support SIEM/SOC operations, including log monitoring, alert analysis, and threat investigation.

- Participate in Incident Response activities, including detection, containment, investigation, and remediation of security incidents.

- Assist in developing and maintaining incident response procedures and playbooks.

Governance, Documentation & Compliance :

- Prepare and maintain security documentation, risk reports, and assessment findings.

- Support audits, compliance reviews, and regulatory requirements as applicable.

- Provide security guidance, awareness, and best practices to IT and business teams.

Technical skills :

- Strong hands-on experience in VAPT and Technical Risk Assessments

- Expertise in Application Security and Infrastructure Security

- Experience with AV/EDR tools and endpoint security solutions

- Knowledge of Patch Management tools and processes

- Hands-on experience in Configuration Assessment and System Hardening

- Working knowledge of SIEM/SOC operations and Incident Response

- Understanding of security standards and frameworks (ISO 27001, NIST, etc.)

Qualification & Experience :

- Graduation in any discipline with computers as a subject

- Additional Information Security certifications from recognized organizations (preferred)

- Examples : CEH, CISSP, CISM, ISO 27001 LA, Security+, etc.

- 5 years of experience in Information Security / Cyber Security roles