Lead - Information Security

Lead - Information Security

Description

Roles and Responsibilities
- Serve as the primary point of contact for client security-related issues, escalating and resolving technical client escalation issues.
- They act as the Client Assurance Subject Matter Expert (CA SME) in collaboration with the Service Management (SM) team.
- Engage in and host client meetings to review deliverables, discuss requests, and provide high-level security expertise and support on existing controls and frameworks.
- Assist with client management aspects, including questionnaires, timely response to client queries, and concerns.
- Handle technical client escalation issues before reaching the Director CA, documenting and mitigating future escalations.






- Provide technical support during the entire audit process, including following up on audit findings for remediation.
- Proactively collect, document, and store evidence needed for client audits.
- Engage SMEs from different business units through quarterly meetings.
- Communicate client security control requirements to the SM team through regular training sessions.
- Proactively engage SMEs to update the evidence library with new information.
- Review FAQs for all business units annually and update with the latest information.
- Develop and maintain customer-facing Security overview presentations.
- Manage new vulnerabilities from external sources, internal penetration tests, or client notifications.
- Identify the impact of vulnerabilities and generate initial communications for clients.
- Attend real-time vulnerability calls for urgent issues and follow up on remediation progress.
- Update and respond to technical issues raised by the RFP team.






- Organize SharePoint folders for easy access to information and evidence.
- Manage Jira updates and maintain accuracy in the CA confluence space.
- Review and update the Client Assurance Standard Operating Procedure after consulting with the team.
- Coordinate SME support for client audits in collaboration with the CA Service Management team.
- Train teams on security controls and processes monthly, storing sessions in an easily accessible location.
- Educate the Service Management team on updates and new developments in the security space.
- Coordinate training opportunities from SMEs for the team to learn different security controls.
- Orchestrate the annual review with Compliance of company-wide Security information presentations.






- Support client-facing teams in sales meetings and client communications requiring security specialist support.
- Operate with urgency for fast turnaround in competitive situations.
- Engage in SOC operations threat tracking.
- Participate in incident management, change control meetings, and cloud migration initiatives.
Requirements
- Ability to prioritize tasks, make quick decisions, and a strong understanding of security controls and governance.
- Bachelor’s degree in computer science, Engineering, Information Systems, Business, or other Information security disciplines OR 7+ years of relevant professional experience in Information Security or IT Risk Management.
- Desired: relevant information security certifications (e.g., CISSP, CISA, CISM, CRISC, or GIAC) and GRC tools.






- Understanding of legal and regulatory compliance standards and requirements against data and IT, including, CIS, FERPA, Payment Card Industry Data Security Standard (PCIDSS), ISO27001, NIST, and COBIT.
- Possess the verbal and written communication skills to work effectively with technical and non-technical personnel at various levels in the organization; Excellent interpersonal, verbal, and written communication, including good presentation skills.
- Can multi-task, communicate clearly, learn new technologies and processes, and provide support to process/solution owners.
- Can drive projects focused on continuous improvement and efficiencies in the organization. Is someone who takes initiative and doesn’t require continuous monitoring.
- Ability to communicate complex information,





concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.
- Ability to understand technology, management, and leadership issues related to organization processes and problem-solving.
- Knowledge of new and emerging information technology (IT) and cybersecurity technologies.
- Knowledge of information security program management and project management principles and techniques.
- Knowledge of products that protect systems, such as Intrusion Prevention Systems (host- and network-based), Firewalls, Security Event Management Systems, port scanning and vulnerability identification, monitoring, and logging mechanisms, etc.

▶️ Lead - Information Security
🖊️ Envestnet | Yodlee
📍 Thiruvananthapuram