Incred (Algebrik AI) - Infosec Engineer

Information Security Engineer

Job Description

Develop and finalize policies, procedures, and guidelines related to IT and Infosec domains in alignment with industry best practices (ISO 27001 , GDPR and SOC 2)

Align internal IT and Infosec processes as per ISO 27001 and SOC 2 standards and security guidelines

Assist in defining and reviewing the key metrics for management reporting

Develop of cyber security standards, including incorporating industry practices and applicable compliance requirements

Maintain the the security risk register and related policies

Maintain the inventory of IT vendors as per regulatory guidelines.

Develop review checklists, questionnaire, and manage evidences to assist the IT vendor risk management process

Perform 3rd party security due-diligence reviews and periodic vendor risk assessments to assess vendor compliance.

Coordinate with external stakeholders and auditors for IT and Infosec related reviews

Coordinate for conducting periodic penetration testing exercises on in-scope applications and related infrastructure. Coordinate with stakeholders for timely closure of open risks.

Assist in imparting security awareness training and executing phishing simulation exercises to employees.

Assist IT and Infosec in gathering the metrics data and prepare management dashboards

Lead the periodic IT and Infosec governance review meetings and gather feedback for improvement

Assess the existing IT and Infosec processes and provide recommendations to improve

Identify opportunities for IT and Infosec governance automation and lead the continuous compliance initiatives

Support cross-entity teams/group entities to mirror the best practices implemented at the parent entity

Develop templates for incident reporting and manage artifacts. Assist during incident investigation and collaborating with stakeholders.

Audit Coordination:

Coordinate and facilitate SOC 2 audits, acting as the primary point of contact for the external auditor.

Gather evidence and documentation to demonstrate compliance with SOC 2 requirements.

Address any audit findings and implement corrective actions. Key Areas: SOC 2 Type 1 and Type 2, ISO 27001, GDPR ,security governance, vendor security due-diligence, vendor security reviews and assessment, preparation of security checklist, security awareness/phishing simulation, management dashboards, manage key metrics for IT and Infosec, Certifications: good to have - CISSP, CISM, ISO 27001, or CISA (Knowledge and experience in SOC 2 is mandatory)

Experience

Should have 5 - 7 years of experience in information security domain and minimum should have 4 of years in overall IT and Infosec governance related activities.

Must have sound knowledge in defining processes, developing policies, procedures, and guidelines, and preparing management reporting dashboards.

Must have experience in guiding teams with respect to SOC 2 requirements

Developing and implementing enterprise governance, risk, and compliance strategy and solutions

Ability to document and explain details in a concise & understandable manner

Industry recognized certificates relevant to the roles such as SOC 2, ISO 27001 are desired

Ability to lead complex, cross-functional projects, and problem-solving initiatives.

Passionate about IT/information security and update knowledge on daily basis to support the organization

Candidates must have excellent verbal and written communication skills

Familiarity with industry standards and regulations including PCI, ISO27001, SOC 2, GDPR, CIS, NIST is desired.

Candidates from BFSI experience will be preferred

Fair understanding of public cloud models (e.g. AWS, Google, Microsoft Azure) and their security implications

Skills:

Candidate should be a good team player

Should have good interpersonal skills

Good written communication skills including ability to develop process documentation and security guidelines.

Ability to apply critical thinking and logic to a wide range of intellectual and practical

problems

Ability to maintain composure under pressure and work calmly during an emergency

Ability to manage multiple tasks and schedules