Information Security Consultant

JOB SUMMARY

The Information Security Consultant shall be responsible for ensuring the information security compliance requirements for the client. The purpose of the job is to ensure adequate security controls are in place, meeting the respective security regulatory requirements.

This includes managing compliance:

• to various information security standards;

• standards related to Swift, card payment security (if applicable);

• regulatory requirements in countries where the client operates;

• other financial standards and security best practices.

ROLES AND RESPONSIBILITIES

• Maintain security policies/addendums, standards, and procedures.

• Review information security and compliance requirements as per regional regulatory frameworks (ISO 27001, GDPR, PCI DSS, Central Bank regulations, or others as applicable).

• Review new regulatory security legislations, provide interpretations if necessary, and monitor action plans for implementation.

• Coordinate for the client group on various regulatory security audits at international locations.

• Review BRDs, solution designs, concept designs, and any other requirements from regional business units and local IT teams to ensure alignment with the client’s security policies.

• Perform technology risk assessments, third-party risk assessments, and review RCSA remediation.

• Assist relevant security and business units in achieving information security compliance objectives.

• Identify issues that could impact the organization and escalate any serious issues, breaches, or violations; develop and monitor action plans for closure in coordination with local and overseas branches and business groups.

• Maintain contact with local regulatory authorities and the regulatory compliance department for new regulatory requirements.

• Work to close all open observations with Local IT/Global IT and concerned SPOCs in international locations and headquarters.

• Participate in the client’s CSIRT activities for information security incident and data breach handling.

• Review and assess regulatory compliance circulars/notices and relevant security controls.

KEY ACCOUNTABILITIES

• Information security compliance requirements.

• Highlight security status and concerns to management.

• Consult with IT and information security staff to ensure appropriate implementation plans are established.

• Review and provide recommendations for IS policies, standards, guidelines, and processes in alignment with international regulatory requirements.

• Actively participate in and contribute to security office initiatives.

• Track open audit issues related to information security to closure.

• Conduct risk assessments.

ELIGIBLE CANDIDATE PROFILES

• Bachelor’s or Master’s in Engineering/Technology or Master of Science with 8+ years of experience in information security.

• Certifications such as CISA, CRISC, or CISSP are desirable.

Note: Its onsite Mumbai and only candidates in this location are eligible to apply