Information Security Specialist

Key Responsibilities

1. Security Governance & Compliance

• Implement and maintain security policies, SOPs, frameworks, and procedures.
• Ensure compliance with RBI PA/PG guidelines, KYC/AML, and data security mandates.
• Support audits and assessments for PCI-DSS, ISO 27001, SOC2, and CERT-In requirements.
• Coordinate with internal teams and external auditors for security assessments, VAPT, and risk reviews.
• Maintain security controls documentation, risk registers, and compliance dashboards.

2. Security Operations

• Monitor and manage security incidents, alerts, and vulnerabilities via SIEM tools.
• Assist in threat detection, incident response, and forensic investigations.
• Support implementation of endpoint security, DLP, IAM, network security, and cloud security controls.
• Conduct periodic security checks including access reviews, log monitoring, and privilege analysis.

3. Risk Management

• Identify, evaluate, and mitigate security risks across applications, infra, cloud, and networks.
• Perform regular risk assessments, vendor security evaluations, and third-party compliance checks.
• Develop risk mitigation plans and ensure closure of audit findings.

4. VAPT & Security Testing

• Coordinate and track internal and external VAPT for applications, APIs, mobile apps, cloud, and networks.
• Review and validate vulnerabilities, ensuring remediation and retesting.
• Work with engineering teams to integrate secure coding practices (SSDLC).

5. Cloud & Application Security

• Support cloud security measures across AWS/Azure/GCP environments.
• Ensure security hardening of servers, databases, microservices, and payment APIs.
• Work with developers to enforce OWASP, API security, and secure deployment standards.

6. Documentation & Training

• Prepare security reports, compliance documentation, incident logs, and risk summaries.
• Conduct employee security awareness sessions (Phishing, Password, Data Handling, etc.).
• Create training materials, run mock drills, and improve security culture.

Required Skills & Competencies

Technical Skills

• Strong understanding of PCI-DSS, ISO 27001, RBI PA/PG Security Requirements, KYC/AML norms.
• Hands-on experience with SIEM, DLP, IDS/IPS, Firewalls, WAF, Endpoint Security, and Cloud Security tools.
• Good understanding of OWASP Top 10, API Security Top 10, VAPT processes, and secure coding standards.
• Experience in incident response, security monitoring, and vulnerability management.
• Knowledge of network security, encryption standards, identity access management, and key management.

Soft Skills

• Strong analytical and problem-solving ability.
• Excellent communication and documentation skills.
• Ability to work cross-functionally with Tech, DevOps, Product, Compliance, and Operations teams.
• High ownership, integrity, and attention to detail.

Qualifications

• Bachelors degree in Computer Science / IT / Engineering (preferred).
• Certifications are a plus:
• CISA, CISM, ISO 27001 LA/LI, CEH, CompTIA Security+, CSA, PCI-DSS Implementer/Auditor
• Experience in fintech, payment gateway, payment aggregator, banking, or BFSI sector is strongly preferred.