Information Security Analyst

Welcome to Decision Foundry!

We are both a high growth startup and one of the longest tenured Salesforce Marketing Cloud Implementation Partners in the ecosystem. Forged from a 19-year-old web analytics company, Decision Foundry is the leader in Salesforce intelligence solutions.

We win as an organization through our core tenets. They include:

• One Team. One Theme.
• We sign it. We deliver it.
• Be Accountable and Expect Accountability.
• Raise Your Hand or Be Willing to Extend it.
  https://decisionfoundry.com/ 
  

About Role:

The Information Security Analyst will mainly assist InfoSec & IT Department in managing Governance, Risk, Compliance and Privacy related activities. Further ensuring the Continuous Improvement activities are taken in timely basis and monitored. Working closely with the Internal and External Auditors in managing the Certification programs.

Job Description:

• Manage the organization's adherence to industry standards and regulations such as ISO, SOC, GDPR, DPDP, and HIPAA.

· Participate in internal and external audits to ensure successful compliance and certification programs.

• · Develop IT security policies, standards, procedures, and controls, and enhance them periodically to meet organizational and industry requirements.
• Serve as the sole point of contact for managing all client questionnaires related to the organization's IT security and risk posture.
• Develop data flow diagrams and manage data security controls throughout the organization.
• Respond to privacy-related requests from internal and external stakeholders.
• Manage the Information Security portal for continuous compliance, fulfilling all requirements of the compliance program.
• Coordinate and follow up with respective departments to ensure adherence to the Information Security Program.
• Develop and conduct the Information Security Awareness and Employee Training Program.
• Monitor and report on Security Dashboards, IT & Security Metrics, Risk Register, etc.

Requirements

• Experience in IT Security & GRC Domain.
• Experience in managing data security and controls.
• Knowledge of various industry standards and best practices, as well as legal acts and policies.
• Interest in creative designs and content writing related to Information Security.
• Experience in managing reporting operations.
• Effective communication skills.
• Flexibility to work in different time zones as per project requirements (This does not imply night shifts).

Should have -

• 4-6 years of experience in the Information Security domain, preferably in the GRC domain.
• Degree or Diploma in IT is essential.
• Certifications like CISM, CISA, or Security+ are preferred.
• Proficiency in English is required for content and policy drafting.
• ISO 27001 Lead Implementor/Auditor Certification is an added advantage