
Information Security Officer

Location: Pune, India

Job Description

We are looking for an experienced Information Security Officer to work in our Quality Assurance/InfoSec Function. The role reports to the InfoSec & Quality Manager and carries global company responsibility across our internal and customer sites.
 
The focus of this position will be on ISO 27001:2013 Control Implementation and Control Assurance. The role also covers establishing and maintaining the basic GDPR controls to protect the personal information of employees and clients.
 
Key responsibilities of the role:

  • Perform the gap assessment of existing Cerillion controls against ISO 27001 Annexure controls and guide function POCs to bridge those gaps.
  • Identify cost-effective alternatives to ISO 27001 Annexure controls and look after their technical specification and implementation.
  • Information Security Risk assessment for valuable assets based on NIST SP 800-30, understanding of ISO 27001:2005 and ISO 27001:2013 versions.
  • BCP and DR planning and coordination; help the function owner conduct the BCP test and collect the results for analysis.
  • Perform Internal audits/Compliance checks to assess the adherence to ISO 27001, ISO 9001 & GDPR.
  • Analyse audit findings to target the weak process areas and draft the action plan.
  • Perform network VA scans using the Nessus tool and report vulnerabilities to the Infrastructure team.
  • Take ownership of control assurance and make sure all vulnerabilities are closed and no threats are left exposed.
  • Research, develop, implement, test and review Cerillion’s information security in order to protect information and prevent unauthorized access to Cerillion internal systems.
  • Data protection officer experience and knowledge of the GDPR; DPO certification will be an added advantage.
  • Update the first response to the customer RFP InfoSec questionnaire, based on information security at Cerillion.
  • Understanding and knowledge of ISO 9001:2015, PCI DSS and Cyber Essentials Plus.
  • Hands-on experience with cloud security practices such as the NCSC Cloud Security Principles for IaaS, PaaS and SaaS.
  • Constant systems review in order to identify potential security weaknesses, recommend improvements to amend vulnerabilities, implement changes and document upgrades.
  • Review the Access Control Matrix (ACM) on a quarterly basis, comparing actuals against the planned for different designations.
  • Coordinate with external auditing bodies/external auditors to perform the certification and surveillance audits.

What you’ll bring to the role:

  • 5+ years of experience as an Information Security Officer.
  • Experience working on Control implementation and Control assurance.
  • Knowledge of the ISO 27001:2013 standard.
  • Strong analytical, interpersonal, and problem-solving skills.

Education

  • Bachelor’s or master’s degree, or equivalent in Business Administration or related discipline.
  • ISO 27001:2013 Certified Auditor/Lead Auditor
  • ISO 9001:2015 Certified Auditor/Lead Auditor
  • Certified Data Protection Officer (GDPR)
  • Implementation Certificate
