Senior Information Security Engineer - Tech Mahindra

Job Description

The Role: The Senior Information Security Engineer is for responsible for implementing industry best security practices, will design, implement, maintain, and document the security measures to protect the organization against cyber threats and attend all ISO audits and requirements. Your Responsibilities: Ensuring that an ISMS system is established, implemented, and maintained in accordance with the ISO 27001:2013 and/or ISO 27001:2022. Lead all ISO and customer security audits/meetings and compliance activity. Contributing to Request for Proposal (RFPs) and supporting IT in CAPA management and Change Controls. Conducting regular internal security audits (Quarterly basis) to assess the effectiveness of security controls and identify areas for improvement. IT tickets handling related to security related incidents. Security Incident Reporting - Generating and presenting regular reports on the organization's security posture(weekly/quarterly/annual), including incidents, vulnerabilities, and risk mitigation efforts. Organization wide Security Awareness - Contributing to and developing security awareness by way of email leaflet/posters on monthly basis and training materials to improve security posture among the organization's staff. Security Policies and Procedures - Developing and implementing security policies, standards, and procedures to safeguard the organization's information assets. Review process documentation to ensure adequacy and consistency is maintained. Risk Assessment - Contribute to the team on regular assessments to identify potential security risks and vulnerabilities in the organization's IT infrastructure. Vulnerability Management - Monitoring and managing vulnerabilities in the organization's systems, including applying patches and updates in a timely manner. Running and automation of vulnerability scans and responsible for closure. Penetration Testing - Gathering penetration test requirements and performing internal pen tests on a scheduled basis. Should be adaptable for 24x7x365 availability for new security related projects/tasks. Preferred Qualifications, Training and Experience: Engineering degree in Computer Science, Information Technology, or a related field. Certifications such as CISSP, CISA/CISM, CEH and ISO 27001 demonstrating expertise in information security management and practices. Minimum of 10 years’ experience in information security roles, with a focus on security architecture, ISO Audits, incident response, and risk management. In-depth knowledge of security technologies such as firewalls, intrusion detection/prevention systems, encryption, and endpoint security solutions. Proficiency in security monitoring tools and techniques for detecting and responding to security incidents in real-time.