Incident And Compliance Analyst

cum Position Title: Incident & Compliance Analyst (Deputy Manager/Assistant Manager)

About the Role

We are seeking a proactive, detail-oriented, and versatile professional to join our Information Security team as anIncident & Compliance Analyst. This role combines the responsibilities of managing information security incidents and ensuring compliance with cybersecurity frameworks and regulatory requirements.

The selected candidate will act as a liaison with government agencies, handle information security incidents, strengthen the organizations cyber posture, and ensure timely communication of updates and learnings.

Key Responsibilities

Incident Management and Analysis:

• Investigate reported information security incidents to determine their scope, impact, and root cause.
• Identify responsible individuals or processes contributing to incidents and suggest corrective actions.
• Document findings, create detailed incident reports, and communicate learnings to stakeholders.

Compliance Coordination and Stakeholder Management:

• Act as a liaison with government agencies (e.g., NCSCC, NCIIPC, CERT-IN, NTRO/DOT) to share and receive critical information related to cyber and information security incidents.
• Maintain a repository of communications, advisories, and updates from regulatory bodies for the organization.
• Ensure timely and accurate reporting of incidents to relevant stakeholders and authorities.

Cybersecurity Posture Strengthening:

• Identify key areas for improvement in the organizations cyber and information security posture.
• Collaborate with internal teams to implement measures that address identified gaps and enhance security.
• Monitor and evaluate the effectiveness of implemented measures and recommend further improvements.

Routine Information Security Management:

• Manage exceptional usage requests, ensuring compliance with organizational policies.
• Oversee information asset gate entry and access management to ensure secure handling of assets.
• Maintain records of access and usage approvals, ensuring proper documentation and traceability.

Strategic Communication and Reporting:

• Prepare detailed management summaries of incidents for strategic communication and decision-making.
• Support preparations for Management Incident Summary Forum (MISF) meetings.
• Present periodic reports on incident statistics, root causes, preventive actions, and compliance updates.
• Provide training and guidance to employees on incident prevention, compliance, and security best practices.

Qualifications and Skills

Education:

• Bachelors degree in Information Technology, Computer Science, Cybersecurity, or a related field.

Looking to get Placed? Try our Placement Guarantee Plan

Get Hired

Work Experience:

• 3-5 years of total experience, with at least 2 years in information security incident handling, compliance coordination, IT operations, or a related field.
• Experience in liaising with government agencies or regulatory bodies is a strong advantage.

Certifications (Preferred):

• ISO 27001 Lead Auditor/Implementer
• CISSP (Certified Information Systems Security Professional) / CISA (Certified Information Systems Auditor) / CRISC (Certified in Risk and Information Systems Control) or similar

Technical Skills:

• Strong knowledge of cyber security frameworks, standards, and regulatory requirements.
• Familiarity with incident response frameworks, methodologies, and tools (e.g., SIEM, IDS/IPS etc.).
• Understanding of IT infrastructure, security controls & proficiency in root cause analysis & problem-solving.

Soft Skills:

• Excellent communication and interpersonal skills for effective coordination with stakeholders.
• Strong analytical & critical thinking abilities for attention to detail & ability to prepare concise & accurate reports.
• Proactive approach to identifying and addressing compliance and security issues.