IT Security & Compliance Officer

Role Overview

As an IT Security & Compliance Officer at VortexWeb- Noida, you will be responsible for protecting all infrastructure, applications, and integrations used across the company and client projects. You will implement and enforce best practices around access governance, API token management, VPN restrictions, and compliance with global data security policies (e.g., ISO 27001, GDPR). Your primary goal is to secure our digital assets, restrict unauthorized access, and reduce internal risk vectors.

Key Responsibilities

• Conduct company-wide access audits and document all critical touchpoints (AWS, GitHub, Bitrix24, etc.)
• Design and implement role-based access control (RBAC) across all systems and integrations
• Set up and manage secure credential vaults using tools like Bitwarden/1Password; enforce storage and access policy for all developers and PMs
• Configure and maintain VPN or zero-trust network access (Cloudflare Teams / Tailscale) to ensure systems are accessible only via company-issued devices
• Oversee token lifecycle management for APIs including Property Finder, Bayut, Dubizzle, and ensure tokens are securely stored, rotated, and revoked when needed
• Detect and respond to any unauthorized access attempts, token misuse, or suspicious activity through log analysis and real-time monitoring
• Draft and maintain a full suite of security SOPs, including onboarding/offboarding checklists, API access control, disaster recovery plans, and breach incident playbooks
• Collaborate with DevOps and PM teams to ensure ongoing security compliance for Bitrix24, AWS, portal integrations, and other internal tools

Required Skills & Experience

• 2+ years of hands-on experience in cybersecurity, IT compliance, or infrastructure security
• Proven experience with IAM policies, access control frameworks, and VPN configurations
• Strong knowledge of AWS security tools, EC2 permissions, and cloud-based firewalls
• Familiarity with API security, webhook verification, and OAuth/Bearer token systems
• Hands-on experience with Bitwarden, Vault, or enterprise-grade password managers
• Working understanding of GDPR, ISO 27001, or equivalent compliance standards
• Ability to create and enforce well-documented security processes

Job Type: Full-time

Pay: ₹200,000.00 - ₹300,000.00 per year

Ability to commute/relocate:

• Noida, Uttar Pradesh: Reliably commute or planning to relocate before starting work (Preferred)

Application Question(s):

• What is the most secure way to store API credentials across multiple clients in an agency environment? Describe tools or policies you'd use.
• Have you ever implemented VPN-based access controls for internal tools or CRMs? If yes, explain how you ensured only company-issued devices could access them.
• What would you do if an employee who had root-level access resigned without notice and their Bitrix24 admin account was still active? List step-by-step actions.
• Which of the following tools are you proficient in?

1. Bitwarden
2. Tailscale3. AWS IAM4. GitHub Access Control5. Fail2ban6. I haven’t used any

• What is your current CTC?
• What is your expected CTC?

Work Location: In person

Application Deadline: 30/07/2025