Information Security Specialist (Klo Job No 99)

Key Responsibilities

1. Security Operations & Monitoring

• Monitor alerts from SIEM, EDR, and other tools for threats or anomalies.
• Investigate and escalate security incidents; support containment and root cause analysis.
• Manage log correlation, detection rules, and participate in red/blue team exercises.

2. Compliance & Audit Support

• Maintain and enforce controls for RBI cybersecurity framework, DPDP Act, and PCI DSS.
• Prepare documentation and evidence for internal and external audits.
• Track remediation of audit findings and ensure ongoing compliance with Indian regulations.

3. Identity, Access & Data Protection

• Enforce RBAC, MFA, and privileged access controls across infrastructure and SaaS platforms.
• Maintain data flow maps, encryption policies, and data masking controls.
• Support implementation of DLP, email security, and data classification tools.

4. Vulnerability & Risk Management

• Conduct regular vulnerability scans and coordinate remediation with IT and DevOps teams.
• Track high/critical CVEs and ensure closure within defined SLAs.
• Support third-party risk assessments and vendor reviews (especially cloud, KYC, and payment services).

5. Project & Infrastructure Security

• Participate in security reviews of internal IT projects, including upgrades, automation, and tool integrations.
• Ensure secure configuration and hardening of back-office systems such as Active Directory, file servers, email gateways, and collaboration tools
• Support security controls for endpoint management, network segmentation, internal VPNs, and remote access tools.
• Assist in defining and maintaining baseline security standards across internal infrastructure (Windows/Linux servers, databases, admin tools).
• Work with IT/Infrastructure teams to implement patch management, asset inventory, and access control policies for internal systems.

6. Awareness & Training

• Deliver security awareness programs focused on phishing, data handling, and social engineering.
• Contribute to tabletop incident simulations and RBI cybersecurity drills.

✅ Qualifications

Required:

• 3–5 years in cybersecurity or information security roles, preferably in fintech, banking, or regulated industries.
• Understanding of:
  • RBI IT Framework, DPDP Act, ISO 27001, PCI DSS, and CERT-IN advisories.
  • Cloud security and network segmentation.
  • Identity and access management principles (Okta, Azure AD, etc.).

Preferred:

• Certifications: ISO 27001 LA/LI, CompTIA Security+, CEH, CISA, or CISSP Associate.
• Familiarity with:
  • Tools: Wazuh/Splunk, OpenVAS, Microsoft Defender, MS365.
  • Payment flows (UPI, IMPS), eKYC APIs, Aadhaar tokenization, or fintech fraud vectors.