457 Information Security Analyst jobs in Mumbai

Responsibilities:

* Conduct penetration tests, security assessments & SIEM monitoring

* Implement ISO standards & GDPR compliance

* Ensure SOC readiness & NIST framework adherence

* Manage Guard Duty program & Sophos/IDS systems

Health insurance

Provident fund

Flexi working

Cafeteria

Pregnancy care program

Employee Assistance Program (EAP)

Life insurance

Maternity policy

A. ITGC / IS – IT Audit

• Infrastructure Security Controls
• Change Management Controls
• User Access Management Controls
• HR Security Controls
• Application Controls
• Incident Management Controls
• Patch Management Controls
• Backup Management Controls
• BCP Controls
• DR Controls
• System Development Controls
• Communication Security Control
• Operational Security Controls

B. ISO 27001 Audit

• Information Security Policies Control
• HR Security Controls
• Asset Management Controls
• Access Control
• Cryptography Control
• Physical and Environmental Security Controls
• Operational Security Controls
• Communication Security Control
• System Acquisition and Maintenance Control
• Supplier Relationship control
• Security Incident Management Controls
• Business Continuity Management Controls
• Compliance

Job Type: Full-time

Pay: ₹30, ₹35,000.00 per month

Experience:

• IT auditing: 2 years (Preferred)

Work Location: In person

Gold is the most trusted asset across the entire world and one of the largest asset classes in India. The total traded value of gold in India exceeds $300 billion annually – nearly all of it in an unorganised, offline manner. We, at SafeGold, are building the digital infrastructure to organise the gold market using technology. SafeGold is India's largest digital gold platform with 55 million customers and 110+ distribution partners across India, Thailand and UAE. The focus has always been on revenues and profitability growth which has been widely recognised.

With revenues of more than Rs. 6000 Crs in the year ending March-24, we have been part of the Financial Times rankings of the fastest growing startups in the Asia-Pacific region since 2021 till date. SafeGold is backed by the World Gold Council and leading venture capital funds, Beenext and Pravega.

Key responsibilities

• Monitor security alerts and respond to incidents in a timely and effective manner
• Conduct regular vulnerability assessments, penetration tests, and security audits
• Analyze security breaches and recommend appropriate countermeasures .
• Review and improve existing security policies, procedures, and controls on an ongoing basis.
• Manage security tools such as SIEM, AWS GuardDuty, Sophos, IDS/IPS, etc.
• Support compliance efforts with frameworks such as ISO 27001, SOC 2, GDPR, etc.
• Work with DevOps/IT teams to ensure secure configuration of systems and cloud environments
• Conduct third-party risk assessments and vendor security evaluations
• Educate employees on security awareness and best practices and make sure that the annual security awareness training is completed by the entire organization.
• Document incidents, create reports, and maintain logs

Requirements

• Bachelor's degree in Information Technology, Computer Science, or a related field
• 2–5 years of experience in information security or a related field
• Familiarity with security tools (e.g., Nessus, Splunk, Qualys, Wireshark)
• Understanding of network protocols, system hardening, and incident response
• Strong knowledge of security standards (NIST, ISO 27001, CIS, OWASP)
• Excellent analytical and problem-solving skills

Qualifications - good to have.

• Professional certifications such as CompTIA Security+, CEH, CISSP, CISA, ISO 27001 LA/LI, or AWS Security Specialty
• Experience with compliance audits (e.g., SOC 2, PCI-DSS, ISO 27001)
• Knowledge of scripting (Python, Bash, etc.) for automation of tasks
• Experience working in a fintech/startup/regulated industry environment

• Monitor security alerts and events using SIEM and other security tools.
• Investigate security incidents, analyze their impact, and facilitate remediation efforts.
• Conduct regular vulnerability assessments and penetration testing.
• Implement and maintain security policies, procedures, and controls.
• Develop and deliver security awareness training to employees.
• Stay up-to-date with the latest cybersecurity threats, trends, and technologies.
• Assist in the development and maintenance of incident response plans.
• Collaborate with IT teams to ensure the security of network infrastructure and systems.
• Perform security reviews of new applications and systems.
• Contribute to the continuous improvement of the information security program.

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
• Minimum of 3-5 years of experience in information security or a related role.
• Strong understanding of cybersecurity concepts, including network security, cryptography, and security frameworks (e.g., NIST, ISO 27001).
• Experience with security tools such as firewalls, IDS/IPS, antivirus, and SIEM solutions.
• Knowledge of vulnerability management and incident response processes.
• Excellent analytical and problem-solving skills.
• Strong communication and interpersonal skills.
• Relevant certifications such as Security+, CISSP, or CEH are a plus.
• Ability to work independently and as part of a team.
• A proactive and detail-oriented mindset.

• Monitor security infrastructure for potential threats and vulnerabilities.
• Analyze security alerts and logs to detect and respond to security incidents.
• Conduct vulnerability assessments and penetration testing.
• Implement and manage security controls, including firewalls, intrusion detection/prevention systems, and antivirus software.
• Develop and maintain security policies, procedures, and documentation.
• Ensure compliance with relevant industry regulations and standards (e.g., ISO 27001, GDPR).
• Provide security awareness training to employees.
• Collaborate with IT teams to implement security best practices in system design and development.
• Investigate security breaches and develop incident response plans.
• Stay up-to-date with the latest cybersecurity threats, trends, and technologies.
• Assist in security audits and risk assessments.

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
• 2-4 years of experience in information security, cybersecurity, or IT risk management.
• Knowledge of security frameworks and best practices (e.g., NIST, CIS Controls).
• Experience with security tools such as SIEM, IDS/IPS, vulnerability scanners, and endpoint detection and response (EDR) solutions.
• Understanding of network security principles, cryptography, and common attack vectors.
• Familiarity with operating systems (Windows, Linux) and cloud security concepts.
• Strong analytical and problem-solving skills.
• Excellent written and verbal communication skills.
• Relevant certifications such as CompTIA Security+, CEH, or CISSP are a plus.