Information Security Officer

Location

Pune | India

Job description

Company Description

TeamLease Regtech Pvt. Ltd, a subsidiary of Teamlease Services Ltd is India's leading Regulatory Technology (RegTech) solutions company and was established for enabling Ease of Doing Business for over 1,557 legal entities across 28 States and 8 Union Territories. The company offers state-of-the-art multi-tenant, SAAS solutions on its web and mobile platforms for efficient risk and compliance management. TeamLease RegTech has one of the most comprehensive Legal and Compliance databases in India with over 1,536 Acts and 69,233 Compliances updated on a near real-time basis.

Role Description

TeamLease RegTech is seeking a full-time remote Information Security Officer who will be responsible for overseeing and ensuring the overall security of organizational information. The Information Security Officer will be responsible for ensuring the implementation of an information security management system, creating and implementing policies and procedures, conducting risk assessments, business continuity planning, monitoring and responding to security incidents, and managing data privacy risks.

Key Responsibilities:

• Expertise in implementing frameworks like NIST 800-53, SOC, ISO 27K standards
• Implement continual Compliance activities for SOC and ISO 27K standards
• Perform organisation wide Risk Assessment, BCP and BIA activities
• Expertise in conducting organisation wide application security assessments on Web, APIs, Mobile Deployments (Android + iOS) and Network/Hosts 
• Engage with internal and external stakeholders to understand the context of the product/service usage and assess the functionality of key information security and controls related to vendor or in-house developed software/systems.
• Conduct Secure Code Reviews using manual and automated approach.
• Collaborate closely with internal teams to ensure third-party relationships align with our security and compliance standards.
• Assist developers to perform analysis and mitigation of security vulnerabilities.
• Researches and maintains proficiency in tools, techniques, countermeasures, and trends in computer network vulnerabilities, data hiding, and network security and encryption.
• Provide support to incident response through capability enhancement and reporting.
• Provide subject matter expertise focusing on offensive security testing operations, working to test defensive mechanisms for the organization.
• Identify the root cause of technical and non-technical findings.
• Publish an Assessment Report that documents findings and identifies potential countermeasures.

Key Skills Required:

• Bachelor's or Master's Degree in IT or equivalent
• 2-4 years of relevant experience in Information Security, Governance, Risk & Compliance
• Ability to articulate complex information security concepts to application developers, infrastructure operators and the Management.
• Experience in leading or assisting with the implementation of security and privacy controls from internationally recognized frameworks (eg. ISO, SOC, GDPR, PCI DSS, COBIT, NIST, DPDPA)
• Information Security Certifications like OSCP, GPEN, GRCP, GRCA and ISO 27001 LA are good to have
• Industry experience in performing application security assessments over web, mobile, API / Web services, network VA and exploitative Penetration tests is a must.
• Strong ability to understand source codes, interpret programming logic and information flow.
• Must have excellent command over Linux environments.
• Superb written and spoken English skills (Required to articulate AppSec and VAPT reports)
• Must be able to confidently communicate with senior stakeholders of non-technical backgrounds.

Job tags

Salary