Senior Security Analyst
TerraPay
5 - 10 years
Bengaluru
Posted: 09/03/2026
Job Description
Role overview:
The Infosec Lead will be responsible for driving the organization's information security strategy, ensuring compliance with global standards, and safeguarding critical assets. This role requires deep expertise in compliance frameworks, risk management, vendor security, and audit readiness, combined with strong leadership in policy governance and awareness programs.
How you will create impact:
1. Compliance & Certification Management
Maintain and oversee compliance with:
o ISO 27001:2022
o PCI DSS v4.0.1
o ISO 22301:2019
o ISO 27701:2019
o SOC 2 Type II
o CSA STAR Level 1
o SWIFT CSP
o UK Cyber Essentials
Ensure adherence to external regulations such as UK FCA and DORA.
Support evidence collection and audit readiness for ISO, PCI DSS, SOC 2, SWIFT CSP, and other certifications.
2. Audit & Risk Management
Conduct periodic internal audits across compliance frameworks.
Perform continuous risk assessments and maintain risk registers based on IT assets.
Track, monitor, and support remediation for audit findings and regulatory gaps.
Implement and maintain enterprise-level risk assessment methodology with quarterly reviews.
3. Third-Party & Vendor Security
Conduct vendor and partner risk assessments during onboarding and annual reviews.
Evaluate security controls, compliance posture, and contractual requirements.
Respond to partner DDQs and ensure ongoing compliance through re-assessments.
4. Policy & SOP Governance
Develop, maintain, and govern security policies, procedures, and standards.
Align documentation with best practices, regulatory obligations, and business needs.
Conduct periodic policy and SOP reviews to ensure relevance and compliance.
5. Security Awareness & Training
Design and deliver organization-wide security awareness programs (digital and instructor-led).
Conduct refresher sessions and track compliance metrics.
Facilitate awareness training materials for employees and partners.
6. Vulnerability & Penetration Testing
Oversee VA/PT activities and coordinate with application teams.
Ensure timely remediation and track compliance to maintain secure system baselines.
7. Business Continuity & Resilience
Support Business Continuity Planning (BCP) and testing.
Conduct monthly, quarterly, half-yearly, and annual reviews of resilience measures.
8. Continuous Compliance & Reporting
Coordinate with cross-functional teams for compliance reporting and metrics.
Maintain evidence repositories and documentation for external audits.
Ensure continuous compliance posture through proactive monitoring.
Essential qualifications:
Proven experience in managing compliance frameworks such as ISO 27001, ISO 22301, ISO 27701, PCI DSS, SOC 2, SWIFT CSP, and other relevant regulatory standards.
Expertise in risk assessment, vendor security, and audit readiness.
Lead Auditor / Lead Implementer certifications in standards such as ISO 27001, ISO 22301, ISO 27701, PCI DSS, or similar frameworks will be an added advantage.
Excellent communication and stakeholder management skills.
Ability to design and govern large-scale policy frameworks.
Hands-on experience with vulnerability management and penetration testing coordination.
Strategic thinker with strong analytical and problem-solving skills.
