DDReg Pharma Pvt Ltd is seeking a detail-oriented and proactive Information Security Analyst to join our team in Gurugram. The ideal candidate will be responsible for ensuring the integrity, confidentiality, and availability of information systems by identifying and mitigating security risks. The successful candidate will possess expertise in information security frameworks such as ISO 27001, SOC 2, and a strong understanding of third-party risk management.
Key Responsibilities:
Vendor Risk Management: Oversee the management of all vendors, ensuring compliance with organizational security standards, effective communication, and adherence to service level agreements (SLAs).
Risk Assessments: Conduct comprehensive risk assessments to identify vulnerabilities within the organization and implement effective mitigation strategies. Regularly evaluate organizational security posture and suggest improvements.
ISO 27001 Compliance: Lead efforts in ensuring compliance with ISO 27001:2022 standards. Conduct internal audits and support external audits to ensure continuous adherence to the standards.
Third-Party Risk Management (TPRM): Lead the TPRM onboarding and periodic review processes, ensuring third-party vendors meet required security standards and regulatory compliance.
Incident and Problem Management: Analyze incidents and problems within the organization, identifying root causes and developing actionable plans to prevent future occurrences.
Policy and Documentation Review: Review and update organizational policies and procedures to ensure alignment with ISO 27001 and other regulatory requirements. Maintain comprehensive documentation of all security-related activities.
Collaboration & Reporting: Collaborate with internal teams and external auditors to ensure compliance with relevant frameworks. Prepare and present detailed reports on security incidents, risk assessments, and mitigation strategies.
Training and Awareness: Facilitate training sessions for internal teams on information security best practices and compliance requirements, ensuring continuous education on security threats and mitigation measures.
Key Skills & Requirements:
Proven experience in Information Security, including hands-on experience with ISO 27001, SOC 2, and ITGC frameworks.
Strong understanding of third-party risk assessments and vendor management.
Experience in Risk Assessment, Incident Management, and Root Cause Analysis.
Certification: ISO 27001 Lead Auditor (preferred).
Proficiency in creating and maintaining security documentation, policies, and procedures.
Familiarity with NIST, GRC, and SOC 2 frameworks.
Ability to work under pressure, manage multiple tasks, and handle sensitive information.
Educational Qualifications:
Bachelor’s Degree (Mandatory): B.Sc. in Information Technology, Computer Science, Cybersecurity, or a related field; or B.Tech. / B.E. in Computer Science, Information Technology, or a related engineering discipline.
Master’s Degree (Preferred): M.Sc. in Information Security, Cybersecurity, or a related field; or MBA in Information Security (if focused on the management aspects of an ISMS).
Languages:
English: Full Professional Proficiency
Hindi: Full Professional Proficiency