2,279 Certified Ethical Hacker jobs in India

Entity:

Technology

Job Family Group:

IT&S Group

Job Description:

To enable the world to reach net zero, bp are looking for the brightest digital specialists to drive innovation as it transitions from an International Oil Company (IOC) to an International Energy Company (IEC).

Are you passionate about protecting what matters most? We're seeking someone who is passionate about identifying and implementing security solutions that make bp a cyber resilient organisation! Our Business Information Security team partners with the business to help them understand cyber risk and be accountable for cyber security.

We're looking for curious minds who are driven by opportunities to build value and deliver secure products and services to advance bp's strategy.

Role Synopsis

In the digital era, where data breaches and cyber threats are not just possibilities but realities, the role of a Global Information Security Specialist has never been more critical. Working closely with bp's business areas, you will support the protection of IT systems and business data that are important to bp's operations.

You will conduct security assessments, respond to security queries, and provide security expertise. Your expertise will help ensure that business teams can operate with confidence, knowing their systems and processes are secure.

Ready to make a real impact in energy security? Join us in safeguarding the people, processes and systems that power our transition to net zero!

Key Accountabilities

In this role you will deliver security activities to support bp's business. This role focuses on hands-on security assessment and advisory activities with the following key accountabilities:

• Security Assessments : We need someone that can conduct comprehensive assessments of systems, identifying risks and issues while recommending appropriate remediation measures.

• Technical & Non-Technical Risk Advisory : You'll assess and communicate cybersecurity risks. We want our customers to understand potential impacts and mitigation strategies clearly.

• Cyber Behaviour Promotion : We strive to build a strong cyber security culture. You'll assist with the development and promoting good cyber behaviours in day-to-day operations.

• Incident Management Support : When security incidents happen, we need you to provide specialist security expertise. You'll support incident response activities and improvement recommendations.

• Customer Support : We want you to act as the go-to point of contact for information security. You'll provide timely and accurate expertise on security matters affecting their systems or data.

You will:

• Assess and Evaluate : You'll perform regular security assessments of business systems. We use established methodologies to identify potential risks, weaknesses and security gaps.

• Respond and Advise : We require someone who can offer our customers practical and tailored cyber security solutions. These solutions must align with operational requirements.

• Analyze and Report : You'll evaluate risks and prepare clear, actionable recommendations, and communicate these with both business and technical audiences.

• Support and Collaborate : We work closely with business teams to implement security measures. You'll help maintain robust security posture while aligning with operational needs.

• Promote and Educate : We nurture positive cyber security behaviours! You'll work through targeted awareness activities, training support, and expert guidance.

• Monitor and Review : We want someone who understands the security landscape affecting bp systems and stay ahead of emerging threats and industry standard methodologies.

Education

• Bachelor's degree or equivalent experience in Information or Cyber Security, Computer Science, Engineering.

• Working towards professional certifications such as Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Security Professional (CISSP), or CompTIA Security+.

• Knowledge of security frameworks such as ISO 27001/2, NIST, and CIS framework.

Desirable Experience and Capability

• Previous track record in information security roles in Finance, HR, Trading, Retail, Supply or Oil and Gas companies.

• Ability to explain security concepts to a variety of audiences.

• Solid grasp of cyber risk assessment methodologies and the ability to translate technical findings into business impact assessments.

• Attention to detail and ability to work independently while balancing multiple activities.

• Ability to adapt security recommendations to different operating environments.

• Ability to use technology, data, and insights to enable decision making.

Travel Requirement

Up to 10% travel should be expected with this role

Relocation Assistance:

This role is eligible for relocation within country

Remote Type:

This position is a hybrid of office/remote working

Skills:

Automation system digital security, Client Counseling, Conformance review, Digital Forensics, Incident management, incident investigation and response, Information Assurance, Information Security, Information security behaviour change, Intrusion detection and analysis, Legal and regulatory environment and compliance, Risk Management, Secure development, Security administration, Security architecture, Security evaluation and functionality testing, Solution Architecture, Stakeholder Management, Supplier security management, Technical specialism

Legal Disclaimer:

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, socioeconomic status, neurodiversity/neurocognitive functioning, veteran status or disability status. Individuals with an accessibility need may request an adjustment/accommodation related to bp’s recruiting process (e.g., accessing the job application, completing required assessments, participating in telephone screenings or interviews, etc.). If you would like to request an adjustment/accommodation related to the recruitment process, please  contact us .

If you are selected for a position and depending upon your role, your employment may be contingent upon adherence to local policy. This may include pre-placement drug screening, medical review of physical fitness for the role, and background checks.

About the Company:

Toyo India & Modec Singapore have joined hands to start a joint venture, Global Capability Centre at Bangalore.

Corporate Office, Bangalore

About the Role

Engineer – Information Security in the Quality and Information Security Management Department.

Responsibilities

• Establish, Implement, Maintain and Improve Information Security Management System (ISMS) as per ISO 27001:2022 Standard.
• Plan and Conduct Information Security (IS) Trainings.
• IS Risk Assessment and Treatment.
• Incident Management.
• Plan and Conduct ISMS Internal Audits.
• Root Cause Analysis.
• Implementation of IS Best Practices.
• IS Vendor Audits.
• Plan, Schedule and Monitor IS activities.
• Presentation Skills, Interpersonal Skills, Time Management Skills.

Qualifications

• Education Qualification: B.E / Diploma in Computers / Information Technology / Electronics & Telecommunication / etc. from recognized University / Board.
• Technical Qualification: Certified ISO 27001:2022 Internal Auditor / Lead Auditor.
• Experience: 8-12 Years; Relevant: 4-6 Years.

Required Skills

• Certified Information System Auditor (CISA) / Certified Information Security Manager (CISM).
• Knowledge of ISO 31000 and ISO 27005 Standards.
• Experience in Network and Server Security.
• Knowledge related to Software Development Life Cycle (SDLC) Security.
• Knowledge of National (e.g. IT Act) / International Laws / Regulations (e.g. EUGDPR) / Standards (e.g. NIST) related to Information Security.

Preferred Skills

• Develop, Update and Review ISMS Policies and procedures in accordance with ISO 27001.
• Plan and Conduct IS Awareness Trainings.
• Prepare IS Awareness emailers and posters.
• Perform and Evaluate Risks and review Risk Registers of Stakeholders.
• Management of IS Incidents.
• Plan, Conduct Internal Audits and report findings.
• Coordinate and follow up for Internal / External Audit Reports and its closures.
• Plan, coordinate and follow up with External Auditors / Certification Agency for ISO 27001.
• Review Root Cause Analysis, Correction and Corrective Actions.
• Coordinate with stakeholders to improve IS Controls.
• Support Departments to prepare for External Audits.
• Participate in Management Review Meetings Agenda, Presentation, MOM and follow up.
• Review Bidding / Contracts and determine IS requirements.

Role Summary

As a member of Global Security Operations Center, you will be responsible for driving the operational activities of SOC and lead complex investigations, conduct advanced threat analysis, and initiate incident responses activities across various business units. He/she is also responsible for process improvement activities, mentoring the team through training initiatives.

Responsibilities

• Managing shifts / team in the 24X7 SOC Environment.
• Act as a first point of escalation for SOC team and assist with handing out work assignments to the team members.
• Handling escalated security incidents/ issues, Responsible for deep dive analysis of escalated incidents, threat hunting.
• Highlight potential security risks to SOC Manager and concerned SPOCs.
• Maintain and optimize security tools and technologies used within the SOC.
• Support Adhoc investigations on need basis.
• Identify opportunities for continuous improvement in security operations.
• Continuously improve threat detection capabilities, use cases and SOPs.
• Support SOC manager for creating new operational guidelines, processes, and procedures.
• Mentor and provide guidance to L1 analysts and serves as the POC for escalation issues that may arise.
• Support rotational 16x5 operational shifts and on call when needed.

Role Requirements

Experience

At least 7+ years prior experience as a SOC Lead/Lead Analyst in SOC environment with hands-on experience in performing security monitoring and response activities, incident handling, alert tracking, and/or cybersecurity case management.

Process and Technology Skills

• Proven experience in handling any of the EDR solution such as Defender or Crowdstrike.
• Configure and optimize EDR settings to enhance security posture and ensure effective threat detection.
• Analyze threat intelligence and security data to identify trends, patterns, and emerging threats
• Capability to recognize different security situations and refine recurring security notifications by finetuning.
• Respond to security incidents promptly, conducting thorough investigations and implementing remediation strategies to mitigate risks.
• Strong background in incident analysis, evidence collection, documentation, communications, reporting and response.
• Ability to manage cloud security controls, including firewalls, intrusion detection systems, and encryption protocols.
• Lead and coordinate incident response efforts for cloud-related security incidents.
• Collaborate with business and development teams to ensure security best practices are integrated into cloud architecture and deployments.
• Proven experience with cloud platforms such as AWS, Azure, or Google Cloud.
• Experience in mentoring and training junior analysts, Provide technical and functional support to L1 Team with analytical feedback.
• Proven experience in any SIEM tools and/or log management solution
• Must have good knowledge in firewalls, IDS/IPS, Anti-Virus, EDR, Proxy, DNS, email, AD, etc.
• Good understanding of mainstream operating systems (Windows, Linux, etc) and security infrastructure
• Good understanding of log parsing and event analysis (Ability to understand and interpret Windows, Linux OS, firewall, web proxy, DNS log events)
• Expertise in creation of reports, dashboards, metrics for SOC operations
• Knowledge in developing use cases for security monitoring, threat management and threat modelling.
• Knowledge of MITRE or similar frameworks and procedures used by adversaries.
• Advanced knowledge of malware operation and indicators
• Good understanding of ITIL processes including Incident Management, Change Management and Problem Management
• Advanced knowledge of networking fundamentals (OSI Layers, TCP/IP, protocols, and services.)
• Sound knowledge in Information Security policies, procedures, standards, best practices, and guidelines
• Involvement in threat intelligence and cybersecurity communities.
• Deep understanding of Cyber Kill Chain and other applicable analytic models
• Optionally, experience in at least one of the following: Python, PowerShell, VBscript.

Other skills

• Knowledge and understanding of project management methodologies, processes, and tools.
• Strong analytical skills and ability to solve complex technical problems with high attention to detail and accuracy.
• Strong team player and ability to work in a challenging and constantly changing environment.
• Ability to multitask and work independently with minimal direction and maximum accountability.
• Proficiency in verbal and written communication skills.
• Proficiency in time management and presentation skills
• Proficiency in decision-making and problem-solving skills

Education and Certification

• Bachelor’s degree in computer information systems or related field or equivalent demonstrated experience & knowledge.
• Professional certification in Information security like Security+, CCSE, CCSP, AZ900 – AZ500 etc., TICSA, MCSE, CISSP, etc. would be advantageous

About the Company:

Toyo India & Modec Singapore have joined hands to start a joint venture, Global Capability Centre at Bangalore.

Corporate Office, Bangalore

About the Role

Engineer – Information Security in the Quality and Information Security Management Department.

Responsibilities

- Establish, Implement, Maintain and Improve Information Security Management System (ISMS) as per ISO 27001:2022 Standard.
- Plan and Conduct Information Security (IS) Trainings.
- IS Risk Assessment and Treatment.
- Incident Management.
- Plan and Conduct ISMS Internal Audits.
- Root Cause Analysis.
- Implementation of IS Best Practices.
- IS Vendor Audits.
- Plan, Schedule and Monitor IS activities.
- Presentation Skills, Interpersonal Skills, Time Management Skills.

Qualifications

- Education Qualification: B.E / Diploma in Computers / Information Technology / Electronics & Telecommunication / etc. from recognized University / Board.
- Technical Qualification: Certified ISO 27001:2022 Internal Auditor / Lead Auditor.
- Experience: 8-12 Years; Relevant: 4-6 Years.

Required Skills

- Certified Information System Auditor (CISA) / Certified Information Security Manager (CISM).
- Knowledge of ISO 31000 and ISO 27005 Standards.
- Experience in Network and Server Security.
- Knowledge related to Software Development Life Cycle (SDLC) Security.
- Knowledge of National (e.g. IT Act) / International Laws / Regulations (e.g. EUGDPR) / Standards (e.g. NIST) related to Information Security.

Preferred Skills

- Develop, Update and Review ISMS Policies and procedures in accordance with ISO 27001.
- Plan and Conduct IS Awareness Trainings.
- Prepare IS Awareness emailers and posters.
- Perform and Evaluate Risks and review Risk Registers of Stakeholders.
- Management of IS Incidents.
- Plan, Conduct Internal Audits and report findings.
- Coordinate and follow up for Internal / External Audit Reports and its closures.
- Plan, coordinate and follow up with External Auditors / Certification Agency for ISO 27001.
- Review Root Cause Analysis, Correction and Corrective Actions.
- Coordinate with stakeholders to improve IS Controls.
- Support Departments to prepare for External Audits.
- Participate in Management Review Meetings Agenda, Presentation, MOM and follow up.
- Review Bidding / Contracts and determine IS requirements.

Role Summary
As a member of Global Security Operations Center, you will be responsible for driving the operational activities of SOC and lead complex investigations, conduct advanced threat analysis, and initiate incident responses activities across various business units. He/she is also responsible for process improvement activities, mentoring the team through training initiatives.

Responsibilities
Managing shifts / team in the 24X7 SOC Environment.
Act as a first point of escalation for SOC team and assist with handing out work assignments to the team members.
Handling escalated security incidents/ issues, Responsible for deep dive analysis of escalated incidents, threat hunting.
Highlight potential security risks to SOC Manager and concerned SPOCs.
Maintain and optimize security tools and technologies used within the SOC.
Support Adhoc investigations on need basis.
Identify opportunities for continuous improvement in security operations.
Continuously improve threat detection capabilities, use cases and SOPs.
Support SOC manager for creating new operational guidelines, processes, and procedures.
Mentor and provide guidance to L1 analysts and serves as the POC for escalation issues that may arise.
Support rotational 16x5 operational shifts and on call when needed.

Role Requirements
Experience
At least 7+ years prior experience as a SOC Lead/Lead Analyst in SOC environment with hands-on experience in performing security monitoring and response activities, incident handling, alert tracking, and/or cybersecurity case management.

Process and Technology Skills
Proven experience in handling any of the EDR solution such as Defender or Crowdstrike.
Configure and optimize EDR settings to enhance security posture and ensure effective threat detection.
Analyze threat intelligence and security data to identify trends, patterns, and emerging threats
Capability to recognize different security situations and refine recurring security notifications by finetuning.
Respond to security incidents promptly, conducting thorough investigations and implementing remediation strategies to mitigate risks.
Strong background in incident analysis, evidence collection, documentation, communications, reporting and response.
Ability to manage cloud security controls, including firewalls, intrusion detection systems, and encryption protocols.
Lead and coordinate incident response efforts for cloud-related security incidents.
Collaborate with business and development teams to ensure security best practices are integrated into cloud architecture and deployments.
Proven experience with cloud platforms such as AWS, Azure, or Google Cloud.
Experience in mentoring and training junior analysts, Provide technical and functional support to L1 Team with analytical feedback.
Proven experience in any SIEM tools and/or log management solution
Must have good knowledge in firewalls, IDS/IPS, Anti-Virus, EDR, Proxy, DNS, email, AD, etc.
Good understanding of mainstream operating systems (Windows, Linux, etc) and security infrastructure
Good understanding of log parsing and event analysis (Ability to understand and interpret Windows, Linux OS, firewall, web proxy, DNS log events)
Expertise in creation of reports, dashboards, metrics for SOC operations
Knowledge in developing use cases for security monitoring, threat management and threat modelling.
Knowledge of MITRE or similar frameworks and procedures used by adversaries.
Advanced knowledge of malware operation and indicators
Good understanding of ITIL processes including Incident Management, Change Management and Problem Management
Advanced knowledge of networking fundamentals (OSI Layers, TCP/IP, protocols, and services.)
Sound knowledge in Information Security policies, procedures, standards, best practices, and guidelines
Involvement in threat intelligence and cybersecurity communities.
Deep understanding of Cyber Kill Chain and other applicable analytic models
Optionally, experience in at least one of the following: Python, PowerShell, VBscript.

Other skills
Knowledge and understanding of project management methodologies, processes, and tools.
Strong analytical skills and ability to solve complex technical problems with high attention to detail and accuracy.
Strong team player and ability to work in a challenging and constantly changing environment.
Ability to multitask and work independently with minimal direction and maximum accountability.
Proficiency in verbal and written communication skills.
Proficiency in time management and presentation skills
Proficiency in decision-making and problem-solving skills

Education and Certification
Bachelor’s degree in computer information systems or related field or equivalent demonstrated experience & knowledge.
Professional certification in Information security like Security+, CCSE, CCSP, AZ900 – AZ500 etc., TICSA, MCSE, CISSP, etc. would be advantageous

About the Company:

Toyo India & Modec Singapore have joined hands to start a joint venture, Global Capability Centre at Bangalore.

Corporate Office, Bangalore

About the Role

Engineer – Information Security in the Quality and Information Security Management Department.

Responsibilities

• Establish, Implement, Maintain and Improve Information Security Management System (ISMS) as per ISO 27001:2022 Standard.
• Plan and Conduct Information Security (IS) Trainings.
• IS Risk Assessment and Treatment.
• Incident Management.
• Plan and Conduct ISMS Internal Audits.
• Root Cause Analysis.
• Implementation of IS Best Practices.
• IS Vendor Audits.
• Plan, Schedule and Monitor IS activities.
• Presentation Skills, Interpersonal Skills, Time Management Skills.

Qualifications

• Education Qualification: B.E / Diploma in Computers / Information Technology / Electronics & Telecommunication / etc. from recognized University / Board.
• Technical Qualification: Certified ISO 27001:2022 Internal Auditor / Lead Auditor.
• Experience: 8-12 Years; Relevant: 4-6 Years.

Required Skills

• Certified Information System Auditor (CISA) / Certified Information Security Manager (CISM).
• Knowledge of ISO 31000 and ISO 27005 Standards.
• Experience in Network and Server Security.
• Knowledge related to Software Development Life Cycle (SDLC) Security.
• Knowledge of National (e.g. IT Act) / International Laws / Regulations (e.g. EUGDPR) / Standards (e.g. NIST) related to Information Security.

Preferred Skills

• Develop, Update and Review ISMS Policies and procedures in accordance with ISO 27001.
• Plan and Conduct IS Awareness Trainings.
• Prepare IS Awareness emailers and posters.
• Perform and Evaluate Risks and review Risk Registers of Stakeholders.
• Management of IS Incidents.
• Plan, Conduct Internal Audits and report findings.
• Coordinate and follow up for Internal / External Audit Reports and its closures.
• Plan, coordinate and follow up with External Auditors / Certification Agency for ISO 27001.
• Review Root Cause Analysis, Correction and Corrective Actions.
• Coordinate with stakeholders to improve IS Controls.
• Support Departments to prepare for External Audits.
• Participate in Management Review Meetings Agenda, Presentation, MOM and follow up.
• Review Bidding / Contracts and determine IS requirements.

Role Summary

As a member of Global Security Operations Center, you will be responsible for driving the operational activities of SOC and lead complex investigations, conduct advanced threat analysis, and initiate incident responses activities across various business units. He/she is also responsible for process improvement activities, mentoring the team through training initiatives.

Responsibilities

• Managing shifts / team in the 24X7 SOC Environment.
• Act as a first point of escalation for SOC team and assist with handing out work assignments to the team members.
• Handling escalated security incidents/ issues, Responsible for deep dive analysis of escalated incidents, threat hunting.
• Highlight potential security risks to SOC Manager and concerned SPOCs.
• Maintain and optimize security tools and technologies used within the SOC.
• Support Adhoc investigations on need basis.
• Identify opportunities for continuous improvement in security operations.
• Continuously improve threat detection capabilities, use cases and SOPs.
• Support SOC manager for creating new operational guidelines, processes, and procedures.
• Mentor and provide guidance to L1 analysts and serves as the POC for escalation issues that may arise.
• Support rotational 16x5 operational shifts and on call when needed.

Role Requirements

Experience

At least 7+ years prior experience as a SOC Lead/Lead Analyst in SOC environment with hands-on experience in performing security monitoring and response activities, incident handling, alert tracking, and/or cybersecurity case management.

Process and Technology Skills

• Proven experience in handling any of the EDR solution such as Defender or Crowdstrike.
• Configure and optimize EDR settings to enhance security posture and ensure effective threat detection.
• Analyze threat intelligence and security data to identify trends, patterns, and emerging threats
• Capability to recognize different security situations and refine recurring security notifications by finetuning.
• Respond to security incidents promptly, conducting thorough investigations and implementing remediation strategies to mitigate risks.
• Strong background in incident analysis, evidence collection, documentation, communications, reporting and response.
• Ability to manage cloud security controls, including firewalls, intrusion detection systems, and encryption protocols.
• Lead and coordinate incident response efforts for cloud-related security incidents.
• Collaborate with business and development teams to ensure security best practices are integrated into cloud architecture and deployments.
• Proven experience with cloud platforms such as AWS, Azure, or Google Cloud.
• Experience in mentoring and training junior analysts, Provide technical and functional support to L1 Team with analytical feedback.
• Proven experience in any SIEM tools and/or log management solution
• Must have good knowledge in firewalls, IDS/IPS, Anti-Virus, EDR, Proxy, DNS, email, AD, etc.
• Good understanding of mainstream operating systems (Windows, Linux, etc) and security infrastructure
• Good understanding of log parsing and event analysis (Ability to understand and interpret Windows, Linux OS, firewall, web proxy, DNS log events)
• Expertise in creation of reports, dashboards, metrics for SOC operations
• Knowledge in developing use cases for security monitoring, threat management and threat modelling.
• Knowledge of MITRE or similar frameworks and procedures used by adversaries.
• Advanced knowledge of malware operation and indicators
• Good understanding of ITIL processes including Incident Management, Change Management and Problem Management
• Advanced knowledge of networking fundamentals (OSI Layers, TCP/IP, protocols, and services.)
• Sound knowledge in Information Security policies, procedures, standards, best practices, and guidelines
• Involvement in threat intelligence and cybersecurity communities.
• Deep understanding of Cyber Kill Chain and other applicable analytic models
• Optionally, experience in at least one of the following: Python, PowerShell, VBscript.

Other skills

• Knowledge and understanding of project management methodologies, processes, and tools.
• Strong analytical skills and ability to solve complex technical problems with high attention to detail and accuracy.
• Strong team player and ability to work in a challenging and constantly changing environment.
• Ability to multitask and work independently with minimal direction and maximum accountability.
• Proficiency in verbal and written communication skills.
• Proficiency in time management and presentation skills
• Proficiency in decision-making and problem-solving skills

Education and Certification

• Bachelor’s degree in computer information systems or related field or equivalent demonstrated experience & knowledge.
• Professional certification in Information security like Security+, CCSE, CCSP, AZ900 – AZ500 etc., TICSA, MCSE, CISSP, etc. would be advantageous

About the Company:

Toyo India & Modec Singapore have joined hands to start a joint venture, Global Capability Centre at Bangalore.

Corporate Office, Bangalore

About the Role

Engineer – Information Security in the Quality and Information Security Management Department.

Responsibilities

• Establish, Implement, Maintain and Improve Information Security Management System (ISMS) as per ISO 27001:2022 Standard.
• Plan and Conduct Information Security (IS) Trainings.
• IS Risk Assessment and Treatment.
• Incident Management.
• Plan and Conduct ISMS Internal Audits.
• Root Cause Analysis.
• Implementation of IS Best Practices.
• IS Vendor Audits.
• Plan, Schedule and Monitor IS activities.
• Presentation Skills, Interpersonal Skills, Time Management Skills.

Qualifications

• Education Qualification: B.E / Diploma in Computers / Information Technology / Electronics & Telecommunication / etc. from recognized University / Board.
• Technical Qualification: Certified ISO 27001:2022 Internal Auditor / Lead Auditor.
• Experience: 8-12 Years; Relevant: 4-6 Years.

Required Skills

• Certified Information System Auditor (CISA) / Certified Information Security Manager (CISM).
• Knowledge of ISO 31000 and ISO 27005 Standards.
• Experience in Network and Server Security.
• Knowledge related to Software Development Life Cycle (SDLC) Security.
• Knowledge of National (e.g. IT Act) / International Laws / Regulations (e.g. EUGDPR) / Standards (e.g. NIST) related to Information Security.

Preferred Skills

• Develop, Update and Review ISMS Policies and procedures in accordance with ISO 27001.
• Plan and Conduct IS Awareness Trainings.
• Prepare IS Awareness emailers and posters.
• Perform and Evaluate Risks and review Risk Registers of Stakeholders.
• Management of IS Incidents.
• Plan, Conduct Internal Audits and report findings.
• Coordinate and follow up for Internal / External Audit Reports and its closures.
• Plan, coordinate and follow up with External Auditors / Certification Agency for ISO 27001.
• Review Root Cause Analysis, Correction and Corrective Actions.
• Coordinate with stakeholders to improve IS Controls.
• Support Departments to prepare for External Audits.
• Participate in Management Review Meetings Agenda, Presentation, MOM and follow up.
• Review Bidding / Contracts and determine IS requirements.

About the Company:

Toyo India & Modec Singapore have joined hands to start a joint venture, Global Capability Centre at Bangalore.

Corporate Office, Bangalore

About the Role

Engineer – Information Security in the Quality and Information Security Management Department.

Responsibilities

• Establish, Implement, Maintain and Improve Information Security Management System (ISMS) as per ISO 27001:2022 Standard.
• Plan and Conduct Information Security (IS) Trainings.
• IS Risk Assessment and Treatment.
• Incident Management.
• Plan and Conduct ISMS Internal Audits.
• Root Cause Analysis.
• Implementation of IS Best Practices.
• IS Vendor Audits.
• Plan, Schedule and Monitor IS activities.
• Presentation Skills, Interpersonal Skills, Time Management Skills.

Qualifications

• Education Qualification: B.E / Diploma in Computers / Information Technology / Electronics & Telecommunication / etc. from recognized University / Board.
• Technical Qualification: Certified ISO 27001:2022 Internal Auditor / Lead Auditor.
• Experience: 8-12 Years; Relevant: 4-6 Years.

Required Skills

• Certified Information System Auditor (CISA) / Certified Information Security Manager (CISM).
• Knowledge of ISO 31000 and ISO 27005 Standards.
• Experience in Network and Server Security.
• Knowledge related to Software Development Life Cycle (SDLC) Security.
• Knowledge of National (e.g. IT Act) / International Laws / Regulations (e.g. EUGDPR) / Standards (e.g. NIST) related to Information Security.

Preferred Skills

• Develop, Update and Review ISMS Policies and procedures in accordance with ISO 27001.
• Plan and Conduct IS Awareness Trainings.
• Prepare IS Awareness emailers and posters.
• Perform and Evaluate Risks and review Risk Registers of Stakeholders.
• Management of IS Incidents.
• Plan, Conduct Internal Audits and report findings.
• Coordinate and follow up for Internal / External Audit Reports and its closures.
• Plan, coordinate and follow up with External Auditors / Certification Agency for ISO 27001.
• Review Root Cause Analysis, Correction and Corrective Actions.
• Coordinate with stakeholders to improve IS Controls.
• Support Departments to prepare for External Audits.
• Participate in Management Review Meetings Agenda, Presentation, MOM and follow up.
• Review Bidding / Contracts and determine IS requirements.