5+ Information security Jobs in Mumbai | Information security Job openings in Mumbai
Apply to 5+ Information security Jobs in Mumbai on CutShort.io. Explore the latest Information security Job opportunities across top companies like Google, Amazon & Adobe.
Location: Mumbai, Andheri
Work Mode: WFO (Monday-Friday)
Notice Period: Immediate/30 Days
Job Summary: Focus on supporting audit processes with regulatory bodies including RBI, banks, and other financial institutions. Maintain compliance with multiple frameworks such as ISO 27001, PCI-DSS, etc. Conduct regular internal security assessments and provide InfoSec training.
Required Skills and Knowledge
Working knowledge of:
• Information security concepts and principles
• Basic networking and system security
• Windows and Linux operating systems
• Common security tools and technologies
• Audit management systems
Compliance knowledge & understanding of:
• ISO 27001 framework and implementation
• Data protection regulations
• PCI-DSS requirements and controls
• RBI's Cyber Security Framework
• Banking sector regulatory requirements
Required Experience/Qualifications
• 2-6 years of experience in information security, audit, or compliance roles
• Previous exposure to regulatory audits is highly desirable.
• Experience in banking/financial services sector is a plus
• Bachelor's degree in Computer Science, Information Technology, Information Security, or related field.
Certifications (Any one of the following preferred):
• CompTIA Security+
• CISA
• ISO 27001 Lead Auditor
• Other Industry Certifications
Principal Duties/Responsibilities
• Act as a liaison between external auditors and internal teams during regulatory audits.
• Coordinate with RBI auditors, banking auditors, and other regulatory bodies.
• Prepare comprehensive audit evidence packages according to regulatory requirements.
• Maintain audit calendars and tracking systems for various regulatory assessments.
• Create and maintain audit trails for all regulatory interactions.
• Assist in maintaining compliance with multiple frameworks:
  • Payment Card Industry Data Security Standard (PCI-DSS)
  • ISO 27001 Information Security Management System
  • RBI's Cyber Security Framework
  • Banking regulatory requirements
• Help conduct regular internal assessments against compliance requirements.
• Support the implementation and documentation of security controls
• Monitor compliance status and help prepare compliance dashboards
• Support internal security assessments and reviews:
  • Access control reviews
  • User privilege assessments
  • Security configuration reviews
  • Policy compliance checks
• Document security findings and observations
• Help create and maintain security control documentation
• Perform risk assessment.
• Support vulnerability assessment and penetration testing coordination
• Contribute to the development of audit checklists and templates
• Keep updated with latest regulatory requirements and security standards
Business Function
Technology and Operations (T&O) enables and empowers the bank with an efficient, nimble and resilient infrastructure through a strategic focus on productivity, quality & control, technology, people capability and innovation. In Group T&O, we manage the majority of the Bank's operational processes and inspire to delight our business partners through our multiple banking delivery channels.
Job Purpose
- This is to manage risks for LOBTs acting as Line 1 risk manager
Key Accountabilities
- Assist Line of Business Technology in managing technology and operational risks
- Drive and ensure regulatory compliance for the LOBT
- Liaise and co-ordinate audit activities involving the LOBT
- Issue & Action management for LOBT including is impacted (across external and internal audits and reviews and excluding IT Information Security) and action planning.
- Engagement across Technology verticals, Operations, Business, Compliance to prioritize, plan, act, prove, close all open findings within committed timelines.
- Scan regulatory requirements, circulars to ensure forward planning and execution for compliance. This includes Singapore and India regulatory requirements.
- Prepare, maintain and conduct control testing for units Risk Control Self Assessments (RCSAs)
- Outsourcing Risk assessment for the LOBT
- Monitor risk issues and incidents for LOBT
Job Duties & Responsibilities
- Liaise with stakeholders within and outside bank, including at Group level to have a comprehensive view of all Technology Risks.
- Engage with Technology verticals and others as appropriate within bank to progress on closure of all open points.
- Engage with Compliance, understand the regulatory requirements at country and group level, and add these to the action points which Technology must ensure.
- Early identification of execution challenges in risk mitigation actions and being an effective catalyst with Technology teams and seniors to resolve bottlenecks such as cost or resource approvals, conflicting priorities.
- Risk assessment for LOBT covering partners, external environment and identify potential risks such as relating to scale-preparedness, DR & BCP support for the organization, code quality in terms of testing and deployment governance.
- Regular updates as per agreed rhythm, and fronting dialogues with stakeholders/LOBT, to highlight process on Risk Management and Risk Mitigation.
- Liaise with relevant departments to ensure awareness of Technology Risk within the Banking India Technology Team, and partner for this awareness across India.
- Liaise with Line of Business Risk in the region and co-ordinate efforts for the LOBT landscape used by India.
What will you do every day?
As a Security & Compliance Specialist, you are responsible for helping the implementation of the organization's information security and compliance programs. You will also help in implementing and reviewing data protection and privacy controls through technical, operational, and administrative measures. The ideal candidate will have good experience in Security in SaaS products, a deep understanding of regulatory requirements, and a proactive approach to managing security threats and third-party risks; someone who enjoys security work and possesses both deep and wide expertise in the security space.
Job Responsibilities
- Develop and Implement Security & Privacy Policies (Primary | Must have)
  - Create and maintain comprehensive security policies and procedures for cloud environments and application security that align with organizational goals and regulatory requirements
  - Ensure policies are regularly updated and communicated to relevant stakeholders; should be an SME for Enterprise Security and Privacy related activities
- Third-Party Risk Management (Primary | Must have)
  - Handle the third-party risk management (TPRM) activities covering both inbound and outbound assessments (through the Customer & Vendor lifecycles)
  - Collaborate with procurement and legal teams to ensure third-party contracts include appropriate security and compliance requirements (this includes reviews of MSAs, bids, RFPs)
- Compliance Oversight (Primary | Must have)
  - Ensure the organization's compliance with relevant laws, regulations, and standards (e.g., GDPR, HIPAA, ISO 27001, ISO 27701, DPDP, SOC 2); should be an SME for compliance
  - Implementation of minimum 3 standards from GDPR, HIPAA, ISO 27001, ISO 27701, DPDP, SOC 2
  - Lead internal and external audits and manage responses to audit findings
- Product Security Practices (Primary | Must have)
  - Integrate security practices into the software development lifecycle (SDLC) and review the releases based on the established Secure SDLC processes
  - Review the products from time to time, checking the availability of enterprise security features
- Cloud & Infra Security (Secondary | Good to have)
  - Implement, review and maintain robust security controls for cloud platforms (AWS/Azure/GCP) as per the industry best practices (DevSecOps)
  - Perform security assessments/reviews and VA scans (non-mandatory) on cloud infra.
- Cybersecurity (Secondary | Good to have)
  - Knowledge of Cyber Attack Vectors, Cyber Threat Intelligence, Attack Surface Mgmt., etc.
  - Adequate knowledge of Incident Response, Business Resilience and Risk Management
Other responsibilities
- To act as a Security & Privacy champion/catalyst for all functions/BUs within the Company
- This role needs a risk-averse mindset and should handle Incident Management (able to Identify, Analyze, and Resolve Security Incidents)
- Contribute to the Cloud & CyberSecurity roadmap and act as an internal advisory/consultant
- Training entire staff about security and privacy best practices whenever necessary
Experience & Other Requirements
- Degree/Diploma in Computer Science / Information Technology / Cybersecurity or equivalent
- 3+ years (3-7) of experience in information security, with a focus on compliance
- Proven track record in implementing security and compliance policies & controls in a product-based company (preferably a SaaS-based company)
- At least 3 years of working and implementation knowledge for any three of the compliances (ISO 27001, 27701, GDPR, HIPAA, SOC 2, DPDP)
- Good to have working knowledge of Cloud security practices & involved in DevSecOps activities
- Good research mindset with a zeal to explore, learn, share, and implement
- Preferably someone who can join in 30 days
Qualifications & Responsibilities
Years of Experience: 3-8 yrs
Location: Bangalore, Delhi, Mumbai, Pune
- Work on ISO 27001 & NIST based Information Security Management System implementation and sustenance.
- Responsible for SOX (IT Security Controls) and track the monthly/quarterly/annual control reports and drive effectiveness of SOX controls.
- Work on Business Continuity Planning, IT Disaster Recovery as per ISO 27001 & NIST requirements
- Assess information security posture, identify the gaps/risks in the existing environment and develop solutions to mitigate the identified gaps/risk
- Conduct Information Systems audits covering IT infrastructure assets
- Working knowledge in security domains such as: security governance policies and procedures, risk management, compliance, access control, network security, security architecture, security incident response, disaster recovery, business continuity management, privacy and data protection
- Experience in leveraging industry standards and frameworks such as ISO/IEC 27001, NIST CSF/800-171, etc.
- Possesses certifications such as ISO 27001 LA, CISSP, CISA (preferred)
Why NCG?
WHO WE ARE DRIVES WHAT WE DO!
We don't build the organization; we create an everlasting family. Our people express a sense of winning together when times are good and sticking together when times are tough.
Are you a Doer or Achiever?
Well, at NCG, our doors are Open for Doers and Achievers alike. We are a Cult where we create, innovate, learn and Contribute in a comfortable, transparent, and fair environment.
Joining NCG means contributing to a shared ambition for reliable work culture, tackling extraordinary technological challenges in multicultural teams, preserving your work/life balance, and more!
As an IT Infrastructure Architect, you will design and implement information systems that support an enterprise infrastructure. You will provide the necessary technical infrastructure for the development of new and existing infrastructure technologies and system requirements.
Improve efficiency and streamline operations. Enhance design specs, create technical documentation, implement control concepts and deliver expected outcomes. Collect performance data to monitor system resource usage and failure rates, provide solutions and recommend changes. Ensure scalability and anticipate capacity growth through careful planning and awareness of industry, business and client growth trends. Design activities rely on accurate data, sensible KPIs and performance metrics to improve processes and bridge gaps.
Primary Responsibilities:
Conducting research on emerging and existing technologies. Recommend system alternative technologies and infrastructure development efforts that increase infrastructure flexibility, reliability, stability, scalability, resilience, availability, performance and cost effectiveness. All collective research efforts will contribute to the creation of architectural road maps that leverage software and cloud technologies. Research customer interaction, policy adherence, enterprise processes. May act as the subject matter expert of architectural virtualization.
Needs to guide in execution of Incident, Change, Release, Problem, Performance, and Availability Management
Security of all infrastructure is of paramount importance and is periodically audited, monitored and updated in keeping up with latest threats and risks.
Identifying best practices for future implementation. Architects provide feedback to the enterprise and incorporate all gathered information into future integration plans.
Provides DevOps thought leadership and mentoring in both advisory and delivery contexts, focusing on the requirements of Technology and Business and how these are best served by continuous improvements to our delivery approach
Required Technical skills and Experience
- 10+ years of experience as IT Infrastructure Architect
- Bachelor's/Master's degree in Computer Science, Information Technology or related field
- Must have experience in infrastructure architecting on AWS/Azure/Google Cloud.
- Should have a very good understanding of cloud-native service platforms (IaaS, PaaS, SaaS) for deploying and scaling applications cost-effectively while addressing scalability, availability, service continuity (DR), performance and security requirements, including auto-scaling and self-healing.
- Hands-on experience with cloud orchestration using Kubernetes or Apache Mesos with Marathon would be an advantage
- Evangelizing microservices-based architectures using containerized applications; help to drive strategy and implementation of cloud native infrastructure
- Sound knowledge of RDBMS, preferably with MySQL, MongoDB, Elasticsearch, Redis. Working knowledge of CDN/WAF
- Proven expertise in Linux and DevOps tools such as Git, Jenkins, Maven, Bamboo, Docker, Puppet, Ansible, Kubernetes, Terraform, Elastic Beanstalk, OpenShift
- Infrastructure security (VPC, tunneling, API management, Governance) and networking security solutions like routing, switching, Firewalls etc.
- Good debugging skills on Linux, Apache, Nginx, PHP, MySQL and cloud-based applications, and administration of RHEL, CentOS/Ubuntu
- Experience in cloud-scale APM and monitoring tools such as ELK, Splunk, Nagios, Grafana, XMON, Datadog, Dynatrace, AppDynamics, Cloud Monitoring.
- Troubleshoot and debug environment and infrastructure problems found in the production and non-production environments.
- Implements security improvements by assessing current situations; evaluating trends; anticipating requirements.
- Determines security violations and inefficiencies by conducting periodic audits.
- Upgrades system by implementing and maintaining security controls.
- Must have knowledge of leading storage backup solutions.
- Experience with one or more Unix shell scripting languages (Bash, C-Shell)
- Team mentoring and support for ramping up new engineers
- Provide leadership in planning, defining requirements, scoping efforts, and setting appropriate milestones
- Using a data-driven process/mindset, author technical content to support the incident response process (e.g. postmortem/root cause analysis) and develop interim solutions to prevent or quickly resolve issues/problems the next time.
- Experience with networking technologies (routing, switching, IP addressing, DNS, load balancers, etc.)
- Knowledge of:
  - File systems, NFS, CIFS, iSCSI
  - IPv4 networking, including TCP/IP, SMTP/POP/IMAP, HTTP/S, LDAP
  - DNS
- Ability to work independently while tackling complex problems
- Passionate about taking ownership and responsibility of the systems, 24x7



