Information Security Analyst

As an Information Security and Compliance Analyst, you will: As the Information Security Analyst, you will be responsible for identifying and monitoring company risk and helping to ensure compliance with changing regulations and security standards. You will be responsible for building and enhancing Discover Dollars security and compliance posture, performing internal security audits, responding to customer security due diligence requests, performing third-party security assessments, and coordinating external annual audits.

Assists in the analysis and implementation of security requirements.

Reviews infrastructure and application architecture for security and compliance; provides actionable guidance to ensure secure infrastructure and application architecture posture.

Provide technical and quality oversight regarding IT risks, controls and technologies, including ongoing risk assessments, risk decisions, control implementation, evaluation of segregation of duties, and process improvement opportunities

Collaborate with Technology Compliance on IT Risk Management, IT Vendor Risk management, and the ongoing evaluation and updating of IT Policies and procedures.

Collaborate with key stakeholders across the organization to ensure that our high-risk vendors are assessed on a frequent basis.

Implement or manage compliance framework (SOC2, ISO 27001, HIPAA/HITRUST) controls and processes into an actionable, well-understood, and monitorable program where control owners are aware of their ownership of controls.

Coordinates all internal and external audits

Perform internal VAPT and validate findings submitted by 3rd parties

Communicate security requirements and implications to stakeholders of varying levels and business focus and manage all employee and business process compliance activities for the entire company.

Assist in the preparation of executive presentations and participate in recurring security governance oversight meetings.

Coordinate policy and standard development including ensuring policies/standards remain in sync with operational practices, overseeing the policy/standard change management process and coordinating a policy/standard exception process

Interacting with prospects/ customers and support security due-diligence requests.

Provide timely, accurate responses to customer inquiries.

Provide security training and campaigns

Requirements

Required skills and experience:

Bachelors degree is required in a related field; information systems, computer science preferred

Minimum experience of five years in internal or external auditing, with emphasis on IT auditing, preferably with larger companies having complex IT environments

Proven experience with evaluating security and controls on various on-premise and cloud-based technologies

Experience leading and/or with managing the entire audit lifecycle of a certification program for at least one of the following- ISO 27001, SOC 2

Strong ability to understand, assess and prioritize risks across the components of the IT environment (application, operating system, and database)

Solid communication skills, including a proven ability to articulate to others outside of Compliance (e.g. Controllership) complex IT risks, their impact, and the required action plans to address those risks

Good to have: Certified Information Systems Auditor (CISA), Certified Information Systems Security Professionals (CISSP); ISO 27001 Lead Auditor/ Lead Implementer

Personal Attributes

Ability to cope in a complex and fast-changing business environment, and to respond calmly and rationally to changing aspirations in a deadline-driven situation.

Strong planning and organizing skills including the ability to manage several work streams simultaneously.

Excellent communication skills with a capacity to present, discuss and explain issues coherently and logically both in writing and verbally.

Good influencing and persuasion skills with the ability to enthuse and inspire multidisciplinary teams and build successful relationships at all levels.

Good team player, self-motivated and able to work on own initiative.

Clear decision-making ability with the facility to judge complex situations and assess when to escalate issues.

Ability to balance conflicting and changing demands through prioritization and a pragmatic approach.

Years of Experience: The candidate should have 2 to 5 years of relevant experience

Education: Bachelor s degree in related field

Location: Bangalore

Required skills and experience: Bachelor's degree is required in a related field; information systems, computer science preferred Minimum experience of five years in internal or external auditing, with emphasis on IT auditing, preferably with larger companies having complex IT environments Proven experience with evaluating security and controls on various on-premise and cloud-based technologies Experience leading and/or with managing the entire audit lifecycle of a certification program for at least one of the following- ISO 27001, SOC 2 Strong ability to understand, assess and prioritize risks across the components of the IT environment (application, operating system, and database) Solid communication skills, including a proven ability to articulate to others outside of Compliance (e.g. Controllership) complex IT risks, their impact, and the required action plans to address those risks Good to have: Certified Information Systems Auditor (CISA), Certified Information Systems Security Professionals (CISSP); ISO 27001 Lead Auditor/ Lead Implementer