Senior Infosec Engineer

Role: Senior Infosec Engineer

Reference Code: HR1175749300792697

Experience: 4-6 years

Salary: Confidential (based on experience)

Opportunity Type: Office (Mumbai)

Placement Type: Full time Permanent Position

(*Note: This is a requirement for one of Uplers Clients)

Senior Infosec Engineer

As a Senior Information Security Engineer, youll be the go-to guardian of our security and compliance framework. Youll own everything from ISO 27001 and SOC 2 audits (Internal and External) to Customerthird-party risk assessments, customer security requests, and internal ISMS management.

You’ll work across product, engineering, and legalteams to ensure we’re notjust compliant—but secure by design. If you’re someone who knows how to manage an audit without breaking a sweat and gets a kick out of spotting gaps in security systems,this one’s for you.

We are the match if you...

• Speak fluentISO 27001, SOC 2, and ISMS for 4 - 6 years
• Have experience owning and running end-to-end compliance audits
• Experienced in handling ISMS management end to end
• Responding to customerthird party risk assessments questionnaires and facing customerAudits Can guide control owners like a boss (and notjust with fancy dashboards)
• Enjoy writing and updating InfoSec policies (yes, we know that’s rare!)
• Know how to communicate security stuffto non-security folks
• Have worked in a SaaS environment or wantto secure one now
• Love working across multiple teams and hate working in silos
• Have strong knowledge of cloud platforms (GCP preferred, others okay too)
• Hold one or more certifications (mandatory): ISO 27001 LeadAuditor, CISA, CISSP

Here’s what your day would look like...

• Maintain and manage ISMS as perISO 27001 and SOC 2 standards
• Coordinate and lead internal and external audits
• Oversee annual policy renewals, updates, documentation and ISMS activities
• Face third-party/vendorrisk assessments from our customer
• Respond to security questionnaires from customers and partners
• Track and close compliance deliverables with internal stakeholders
• Identify gaps in technical or procedural controls and work with teams to fix them
• Train internalteams on compliance expectations and workflows
• Monitor and improve security metrics across the org
• Stay up to date with industry trends and frameworks