Posted: 2 days ago
Work from Office
Full Time
- Help to plan and carry out the organization's information security strategy. Prepare and execute actions based on an ISMS calendar.
- Develop a set of security standards, policies and best practices for the organization.
- Regularly monitor computer networks and systems for security issues, breaches, or intrusions.
- Conduct regular monitoring and review of the information security in engineering projects and all functions/departments.
- Responsible for vulnerability & risk assessment of all information assets.
- Work with the IT & security team to perform tests and uncover network vulnerabilities.
- Fix detected vulnerabilities to maintain a high-security standard.
- Develop company-wide best practices for IT security.
- Perform penetration testing, to find any information security weaknesses in the systems.
- Support the IT team in installing security measures and software to protect systems and information infrastructure, including firewalls and data encryption programs, results/logs of mobile code, malicious code, and anti-virus software, to notify any intrusions, and scan for irregular system behaviour.
- Support the IT team in installing required end-point security products and procedures on employees' computers and on project and department systems.
- Develop strategies to respond to and recover from any security breach.
- Investigate security breaches and other cybersecurity incidents and assess the extent of damage.
- Document security breaches and assess the damage they cause. Initiate incident response actions to minimize the impact.
- Stay up to date on information technology security trends, news, best practices and relevant security standards.
- Keep a watch on published and identified infosec threats and mitigations across the industry.
- Research security enhancements and make recommendations to management.
- Ensure required mitigation and preventive actions are taken to protect the company's information assets.
- Conduct periodic trainings, sessions, and activities to increase employee awareness of maintaining information security.
- Increase the pool of internal auditors by identifying employees and training them as internal auditors.
- Conduct and participate in meetings of the various groups and forums such as EDRT, IRT, ISMF, etc.
- Review company contracts (MSA & NDA documents) with customers, vendors, contractors and other entities from an information security coverage perspective.
- Review and maintain the AIC and RART data of all departments and engineering project groups.
- Ensure regular fire and evacuation drills are conducted to train the employees for actions during an emergency.
- Conduct call tree checks and scenario-based tabletop exercises to review preparedness for BCP / DR actions.
- Conduct periodic internal ISMS audits to review the effectiveness of information security in the organization.
- Consolidate and assess the results of all internal audits. Close non-conformities and complete required actions to strengthen the information security implementation of the organization.
- Liaise with, plan for, and proactively support the external auditors from the ISMS certifying body in conducting the ISO 27001 surveillance and re-certification audits.
- Respond to customer's ISMS questionnaires in a timely and effective manner.
- Support the customer's ISMS auditors for conducting audits (if required).
- Ensure timely verification and closure of all audit findings (internal & external).
- Prepare reports of ISO activities and audit findings to inform the leadership team on a quarterly basis.
- Initiate the Management Review meetings and present the status of information security to the leadership team to seek inputs and make recommendations for improvement.
- Maintain effectiveness of the ISMS with continual improvements.
- Candidate should be based out of Pune location
- Bachelor's degree in computer science or related field
- Strong knowledge of ISO 27001 standard and prior experience with ISO 27001
- Strong knowledge of Cybersecurity, information security
- Knowledge of risk assessment tools, technologies, and methods. Strong understanding of endpoint security solutions
- Knowledge of disaster recovery, system and network security scanning tools, technologies, and methods
- Understanding of firewalls, proxies, SIEM, DLP, antivirus, content filtering and IDPS concepts
- Understanding of patch management with the ability to deploy patches in a timely manner while understanding business impact
- Experience planning and developing security policies, standards, and procedures.
- Ability to communicate and handle security incidents.
- Good experience in planning and conducting ISMS internal audits
- Experience in liaising with external auditors from certifying bodies
- Ability to conduct trainings on information security
- A team player who is able to technically guide the team and also work independently as an individual contributor
Agiliad Technologies