
SG Analytics•9h ago
Naukri
Information Security Lead
Hybrid - Chennai
Full Time
Mid Level
Full Job Description
Responsibilities
Internal Risk
- Execute risk assessments for applications, data flows, infrastructure/cloud changes, and programs.
- Identify control gaps, likelihood, and impact; propose treatment options.
- Log risks, issues, and exceptions; define owners, due dates, and validation steps.
Third-Party/Vendor Risk
- Perform vendor assessments (questionnaires, evidence review, SIG/CAIQ or equivalent).
- Assign inherent/residual risk; recommend contractual or technical controls.
- Track mitigation, plan of action, milestones, and reassessment cadence.
Risk Governance and Reporting
- Maintain the enterprise risk register and status dashboards.
- Support risk acceptance workflow with clear rationale and expiry/review dates.
- Synthesize risk themes, trends, and systemic issues for management reviews.
Secure Design / Threat Modeling
- Facilitate lightweight threat modeling workshops; capture risk cases.
- Align design decisions to control baselines and risk appetite.
Experience & Qualifications
3-5 years in security risk/third-party risk, security architecture, or audit/assurance with a risk emphasis.
Practical knowledge of risk rating methods, control frameworks (ISO 27001, SOC), and vendor due diligence.
Ability to read technical evidence (cloud configurations, network/app diagrams) and translate it to risk.
Nice to have:
- CRISC, ISO 27005, CCSK/CCSP, threat modeling familiarity (STRIDE/LINDDUN).