Information Security Engineer

ISG is a large Security group focused on internal Security of Infosys and in turn providing the required assurance to Clients on meeting their Security demands as per contractual agreements. The team is dispersed across locations and is divided into 3 Groups consisting of 10 Functions. The CISO heads ISG and the 3 Group Heads report to him, wherein the Function Heads report to their respective Group Head. ISG makes use of many state-of-the-art Cyber Security best practices and products to help proactively detect and respond to various Strategic, Tactical and Operational threats arising from time to time. The 3 Groups are, 1. Cyber Security Governance (CSG) 2. Cyber Security Policy Risk and Compliance (PRC) and, 3. Cyber Security Technical Operations (TechOps)

Responsibilities

 Be a reviewer for implementation of the information security control framework by working with all relevant stakeholders

 Conduct and draft information security risk assessment

 Conduct ISG driven internal SPOT checks

 Help and support implementation of all the contractual requirements within the engagement

 Handle various standard, regulatory and compliance requirements such as ISO27001, SSAE16, PCI DSS, HIPAA etc.

 Respond to RFPs and RFIs, review agreements for prospects or clients

 Analyze data generated during ongoing information processing activities to generate metrics that indicate the level of risk

 Conduct awareness sessions within Infosys

 Verify compliance to contractual requirements within the engagement

 Support ISG managers during client audits at different locations

Required Skills and Experience

 The candidate shall have at least 2-4 years’ experience in Information Security Governance, risk and compliance management with strong data and network security concepts. The candidate shall have good experience in the areas of Risk Management, Governance, Compliance, Security policy and Metrics.

 The candidate should possess good technical, analytical, troubleshooting and problem solving skills. He shall have excellent communication and collaboration skills.

 The candidate shall possess good understanding of ISO 27001:2013, SSAE 16 SOC 1 & SOC 2, PCI DSS, HIPAA & other industry recommended standards and regulations.

 The candidate shall have strong technical understanding of Information Security