Information Security Analyst

Job Responsibilities:

1\Strategic Support

• Work with the head of cybersecurity to develop the security architecture design.
• Provide the head of cybersecurity with a useful overview of the risks and threats that exist in the workplace by supervising the collection, analysis, and assessment of the current and potential threat landscape.
• Work with the head of cybersecurity to develop budget predictions based on both short- and long-term goals and objectives.
• Take part in the policy-making process.
• Keep an eye on and report on both policy enforcement and adherence to security regulations. Take part in the policy-making process.
• To guarantee operational effectiveness and regulatory compliance, suggest modifications to current policies and processes.
• Ensure implementation of HEADQUARTERS' worldwide information security policies and procedures by adapting them to Indian cybersecurity and data protection legislation and business realities.

2\Security Liaison

• Develop a plan and deliver security awareness, training, and communication to audiences, which may include field personnel and senior leaders, in collaboration with the head of cybersecurity.
• To raise staff security awareness, create and carry out regional information security training programs and oversee the creation and practice of regional contingency plans.
• Give the Indian technical team specialized training in vulnerability management and network hardening.
• Serve as a liaison between the procurement, legal, and vendor departments to create service-level agreements and contracts that are acceptable to all parties.
• Take part in forums for problem and change management and oversee production-related issues and incidents.
• As part of the establishment of a control framework, collaborate with different stakeholders to identify information asset owners in order to categorize data and systems.
• Work with various stakeholders to identify information asset owners to classify data and systems as part of a control framework implementation.
• Implement GRC program for the Organization in collaboration with HQ team.

3\Engineering Support

• Assist in the creation of a comprehensive cyber security strategy and roadmap(s).
• Review Design solution architectures and blueprints aligned with business, technology, and security goals. - Address security architecture and design challenges across various teams while managing interdependencies.
• Work together with the HEADQUARTERS security team to help shape the network architecture, define access control policies, conduct risk assessments, and manage the closure of Indian operations.
• Oversee routine penetration testing and vulnerability assessments, formulate hardening strategies, and drive efforts for remediation.
• Collaborate with the relevant team to ensure security is incorporated into the assessment, selection, installation, and configuration of hardware, applications, and software.
• Partner with the IT team to ensure that vulnerabilities are identified and mitigated.

4\Asset and Data Security Management

• Ensure Management of the lifecycle of network assets in India region, establishing standardized processes for device onboarding, changes, and decommissioning.
• Ensure cloud security compliances for data management comply with India legal and regulatory requirements.
• Protect data-at-rest and data-in-transit.
• Ensure adequate capacity to maintain availability.
• Implement protections against data leaks.
• Use integrity checking mechanisms to verify software, firmware, hardware and information integrity.
• Ensure there is separate development and testing environment(s) from the production environment.

5\Incident Handling

• Develop CCMP plan
• Monitor and respond to information security incidents. As the security interface in India, work with the headquarters to handle information security issues.
• Conduct Mock drills
• Identify improvement plans and ensure implementation

Qualifications:

1、Educational Background

• Bachelor's degree or higher degree in Computer Science, Information Security, Electronics & Communication Engineering, or a related field.

2、Experience Requirements

• Overall 10+ experience in network & Endpoint security management with
• years of experience in the information security field.
• Experience in Energy Industry is added advantage.
• Familiarity with Indian cybersecurity legal frameworks is a preferred.

3、Skill Requirements

• Proficient in standards such as ISO 27001, IEC 62443, NIST CSF as well as CIS baseline and skilled in security tools like firewalls, IDS/IPS, and SIEM, Secure remote access etc.
• Practical experience in penetration testing (e.g., Burp Suite, Metasploit), vulnerability management, and network & endpoints hardening, Web API, rest API security
• Understanding of data sovereignty regulations (e.g., India's data localization requirements) and cross-border data transfer solutions.

4、Soft Skills

• Excellent organizational and coordination skills, capable of independently managing various cybersecurity tasks for Indian operations.
• Strong cross-cultural communication skills, able to coordinate needs between headquarters and local teams.

5、Language and Certifications

• Proficient in English (working language), with Chinese communication skills as a plus.
• Preference for holders of certifications such as CISSP, CISA, CISM, CRISC or OSCP.