Senior Security Compliance Consultant

Job Location

Bucharest - Romania

Monthly Salary

Not Disclosed

Vacancy

1 Vacancy

Job Description

Today, the corporate landscape is dynamic and the world ahead is full of possibilities! None of the amazing things we do at Infosys would be possible without an equally amazing culture, the environment where ideas can flourish and where you are empowered to move forward as far as your ideas will take you.

At Infosys, we assure that your career will never stand still; we will inspire you to build what's next and we will navigate further together. Our journey of learnability, values and trusted relationships with our clients continues to be the cornerstone of our organization, and these values are upheld only because of our people.



The Role

In your role as Security Compliance Consultant, you will help us achieve our goals and deliver success on behalf of our customers by:
  • Building and overseeing our Information Security controls framework and environment in line with industry standards to ensure enterprise-wide security compliance and leading us to ISO27001 certification.
  • Collaboratively creating, implementing and maintaining security policies, standards and procedures which improve our posture in alignment with industry best practice and internationally recognised compliance standards.
  • Ensuring the annual successful execution of all compliance recertification efforts by leading and coordinating our preparation, responses and submissions for certifications such as ISO27001, PCI DSS and SOC2 etc.
  • Providing assurance to our customers by coordinating the responses to customer RFP questions and customer audits in the Information Security area.
  • Coordinating with and supporting our Legal, Risk & Compliance teams in understanding and quantifying security risk, responding to third-party requests and performing security assessments of our suppliers, their products and services.
  • Tracking our security awareness programme compliance.
  • Acting as a subject matter expert on compliance requirements and consulting across the enterprise to ensure our products and services are secure and compliant by design.

Responsibilities

As a company, we hire people with a willingness to adapt to a variable role, so along with the key responsibilities below we ask for ownership of any other duties as required.
  • Create, review, update and complete information security policy, standards and guidelines, maintaining document management disciplines and dependency mapping; consulting with and coordinating the input of SMEs as needed.
  • Conduct security risk assessments, business impact analyses and recommend appropriate control improvements. Provide oversight and assurance of corrective, preventative or remediation activities, escalating issues at risk of missing deadlines in a timely and efficient manner.
  • Maintain a security risk register in collaboration with the Risk and Compliance team which documents and quantifies risks, tracks remediation plans, risk ownership and acceptances, and facilitates regular reviews, prioritisation and overall residual risk reduction.
  • Coordinate and lead our responses to customer RFP questions and security audits in a timely and efficient manner, helping to create repeatable, re-usable answers and examples for common questions and ensuring all responses are traceable to SMEs and responsible teams within the organization. Represent the Information Security Department directly with customers when required.
  • Lead the security assessment aspects of our third-party assurance programme by developing and maintaining questionnaires and collating responses, enhancing the supporting processes where applicable. Coordinate the assessment programme and conduct additional risk-based information security due diligence activities against suppliers to provide appropriate levels of assurance to key stakeholders when needed.
  • Stay up to date with the latest security and technology trends and development. Research and evaluate emerging security threats and closely monitor and understand current and potential changes to compliance frameworks and regulations, making recommendations on mitigations and programs for the organization to address them.
  • Ensure that security architecture and compliance concepts and best practices are embedded throughout the business. Ensure compliance training is regularly updated and completion rates monitored.
  • Consult with internal teams, clients, auditors and regulators regarding information security compliance and related topics as necessary. Act as a subject matter expert when internal teams have questions or need guidance, and be a liaison with external compliance advisory firms as well as the governing body and industry communities.
  • Liaise with internal teams and stakeholders (e.g. Legal, Privacy, GDPR, Risk and Compliance) in relation to security compliance to ensure coordination of requirements, agreed controls and shared, consistent documentation and tooling wherever possible.
  • Gain knowledge and understanding of our goals and culture, and ensure that our control and compliance framework delivers the information security architecture and compliance strategy aligned with industry best practices and the company security posture defined by the CISO.
  • Contribute advice and guidance for departmental security strategies to manage identified risks and ensure adoption and adherence to standards and compliance frameworks.
  • Develop and maintain documentation, controls, processes, workflows, metrics, reporting solutions and applications/tools as needed to ensure effective operation and visibility of the state of the compliance function.
  • Engage as required during actual and simulated incidents and recovery operations.
  • Ensure all processes and controls that fall within your area of responsibility are operating effectively and are correctly evidenced.
  • Travel periodically as required for customer, company or relevant events.

Skills and Experience

Must haves / Great to haves
  • Preferably one or more of the following security qualifications: ISO27001 LI/LA, PCIP, ISA, CISA, CISM or similar.
  • Strong/deep understanding of information security controls, technologies, policies, processes and best practices as applied to applications, compute, networking, cloud and containers.
  • Experience/knowledge of Financial Services Compliance such as PCI.

Why Infosys

Infosys is a global leader in next-generation digital services and consulting. We enable clients in more than 50 countries to navigate their digital transformation.

With nearly four decades of experience in managing the systems and workings of global enterprises, we expertly steer our clients through their digital journey. We do it by enabling the enterprise with an AI-powered core that helps prioritize the execution of change. We also empower the business with agile digital at scale to deliver unprecedented levels of performance and customer delight. Our always-on learning agenda drives their continuous improvement through building and transferring digital skills, expertise and ideas from our innovation ecosystem. To learn more about Infosys and see our ideas in action please visit us at.

All aspects of employment at Infosys are based on merit, competence and performance. We are committed to embracing diversity and creating an inclusive environment for all employees. Infosys is proud to be an equal opportunity employer.



Required Experience:

Senior IC

Employment Type

Full Time
