Information Security Analyst – Secu...

Eurofins IT Solutions India Pvt Ltd (EITSI) is seeking an Information Security Analyst with a focus on security certifications to join our team in Bengaluru, India. This role reports to the Manager, Information Security, with a reporting location in Katowice, Poland, but the working location is India.

The primary responsibilities of this role will revolve around managing attestations and certifications for various Eurofins functions. You will provide guidance and support for customer questionnaires, assist with external audits such as SOC 2 (Type 1/Type 2), ISO 27001, and other IT audits based on NIST Cybersecurity frameworks for relevant functions and regions.

Key objectives include defining and reviewing test procedures and controls based on organizational policies, executing tests for defined controls (IT General Controls, Technical, Physical) as part of Test of Design (TOD) and Test of Effectiveness (TOE). You will manage the reporting phase of testing, ensuring clarity of findings and explaining them to management stakeholders. This includes following up on reported findings for remediation and monitoring compliance through GRC tools and dashboards, collaborating with stakeholders to mitigate gaps. Familiarity with ITIL standardized processes for monitoring Service Now requests is also expected.

We require a minimum of 3 to 9 years of professional experience in Governance, Risk, and Compliance (GRC) or IT Audits. Essential knowledge includes technical security concepts related to IT General Controls (ITGC), such as Identity & Access Management, Physical Security, Incident Management, Business Continuity & Disaster Recovery, Change Management, Logging & Monitoring, Data Management, Asset Management, and Risk Management. Proficiency in at least two of the following frameworks/standards is necessary: SOC 2 (Type 1/Type 2), ITIL/ITSM, ISO/IEC 27001, or NIST Cybersecurity. Additional knowledge of regulations like GDPR or SWIFT Attestation is beneficial. Excellent verbal and written English communication skills are mandatory.

An added advantage would be any security-related certifications such as ISO27001, CISA, or CISSP. Experience working with a multinational corporation (MNC) or a Big 4 accounting firm is also considered a plus.

The ideal candidate will have an educational background in IT or Information Security. Any related IT Security certification will be an added advantage.