Information Security Analyst

The Information Security Analyst will be responsible for supporting and enhancing the organization's cybersecurity posture through comprehensive risk management, compliance, incident handling, and proactive threat monitoring. This role demands a proactive mindset, analytical capability, and the ability to collaborate across teams to ensure robust security controls. The ideal candidate will be well-versed with SEBI regulations, ISMS/ISO 27001:2022 standards, and cloud security frameworks, and will possess strong communication skills to interface effectively with both technical and non-technical stakeholders.

Responsibilities

• Risk Management: Conduct periodic risk assessments to identify vulnerabilities and develop effective mitigation strategies to reduce security exposure.
• Compliance & Auditing: Assist in internal and external audits, ensuring compliance with regulatory standards and internal security frameworks, including SEBI cybersecurity guidelines and ISO 27001:2022 requirements.
• Incident Response: Participate in the identification, containment, and remediation of security incidents. Contribute to forensic investigations and post-incident reviews.
• Policy Enforcement: Enforce and help refine security policies, SOPs, and control frameworks in line with industry and regulatory standards.
• Cloud Security: Apply security best practices to AWS and Azure environments. Monitor cloud configurations and workloads to ensure secure deployment and operations.
• Security Awareness: Plan and conduct awareness sessions to promote security hygiene and reduce human factor risk across the organisation.
• SOC Monitoring: Monitor and analyse logs, alerts, and events through the Security Operations Center (SOC), and coordinate with relevant teams to respond to threats.
• Collaboration & Coordination: Liaise with development and IT/security teams to address vulnerabilities, assess risks in new projects, and implement secure coding and deployment practices.
• InfoSec Initiatives: Support the rollout of key cybersecurity initiatives, tools, and projects aligned with organizational goals.
• Documentation & Reporting: Maintain updated documentation of security policies, incidents, and reports. Present regular security metrics and risk updates to management.
  
  

Requirements

• Bachelor's degree in computer science, Information Security, or related field.
• 4+ years of experience in information security roles.
• Strong understanding of SEBI regulatory requirements and ISO 27001:2022 implementation.
• Experience in cloud security for AWS.
• Familiarity with tools like SIEM, DLP, IDS/IPS, endpoint security, and vulnerability scanners.
• Good knowledge of network security, application security, and incident handling processes.
• Excellent analytical, documentation, and communication skills.
• Relevant certifications (e. g., ISO 27001 Lead Implementer, AWS Security, CEH, Security+, etc. ) are a plus.
  
  

This job was posted by Amit Sharma from Ionic Wealth.