Senior Information Security Analyst (GRC)

About the job 

What does the team do? 

Opportunity is part of the evolving cybersecurity group, which is laser-focused on setting up industry benchmarks in managing & guarding against digital risks in a “Cloud Native- DevOps Only” environment. It is a lean-mean-special action group where every cyber sentinel gets an opportunity to work across domains, has the independence to challenge the status quo & mature cyber practices. Our core competence revolves around “Product & Platform security”, “Cloud Native Risk Management”, and “Detection & Response”. 

What will you be doing? 

• Own the technology risk management practice and concentrate efforts on continuous improvement in the GRC function aligned to global standards like NIST CSF, ISO 27001, ISO 31000, Cloud Security Alliance, etc.   
• Develop and maintain cybersecurity policies, procedures, and standards that are aligned with global standards. 
• Own, operate, and improvise a vendor risk management program. 
• Evaluate emerging technologies for their adoption to strengthen InMobi’s defences. 
• As part of risk management, perform periodic and on-demand risk assessment through process-level walkthroughs, control testing, etc., for the identification and assessment of IT risks and controls. 
• Ensure ISO27001 certification is sustained for our certified entities and work towards obtaining fresh certification for uncertified ones 
• Drive SOC2 Type 1 and Type 2 reporting effort by coordinating with all relevant business units  
• Effectively drive risk remediation through persistent communication, validation, and influence with our key stakeholders. 
• Maintain risk register and develop IT Risk Management metrics and reports. 
• Improve compliance with security standards and policies across various related entities, business units, products, and third parties. 
• Monitor open third-party security issues and remediation actions associated with security control gaps to ensure timely closure. 
• Provide subject matter expertise to teams that seek Infosec approval by evaluating and solving with Security as a core consideration. 
• Drive information security awareness programs by regularly conducting workshops to educate employees about information security and best practices. 
• Respond to Clients’ Request For Proposal/Information (RFP/RFI) by answering the questionnaire.
• Review information security clauses in client and vendor contracts and ensure it is in line with our policies and practices on the ground.
• Lead the data governance/data exchange program by having a handle on all intra-company data transfers, ensuring our data is safe and within our control.

What is expected of you? 

• 4-6 years of experience in the information security & risk management domain. 
• Zealous to unlearn & re-learn risk management practices in a “Cloud Native - DevOps Only” environment. 
• Strong understanding of security governance, compliance and risk management principles. 
• Strong understanding of mitigation methodologies and regulatory requirements about information security, privacy, and/or data security. 
• Ability to work independently with little direction and/or supervision. 
• Superior communication skills with the ability to ask questions, escalate roadblocks early, and interact effectively at multiple levels in the organization. 
• Keen attention to detail with the ability to correct on the fly and work independently. 
• Analytical aptitude with an emphasis on investigative, methodical, critical questioning and logical thinking; a data-driven decision maker. 
• Mindset to standardize & maximise automation in the security & risk management space. 
• High business acumen & ability to understand business objectives, technology stack, and evolve security as a business enabler capability. 
• Ability to operate, decide & evolve in ambiguous situations. 
• Curious to learn & adopt emerging technologies. 
• Holds vendor-neutral information security certifications (desirable).