IT Security Analyst / Senior IT Security Analyst
Position Summary:
We are seeking a proactive, detail-oriented Senior IT Security Analyst to play a key role in strengthening our enterprise security, privacy, and AI governance posture. This role combines hands-on security operations with Governance, Risk, and Compliance (GRC), privacy management, and emerging technology governance. The successful candidate will support ISO 27001 certification, NIS2 alignment, privacy compliance (GDPR, DPDP), and responsible AI governance while fostering a strong security and privacy culture across global teams.
Key Responsibilities:
1. Governance, Risk, and Compliance (GRC)
• Maintain ISO 27001 certification, including annual internal audits, management reporting, and continuous improvement activities.
• Align the Information Security Management System (ISMS) and supporting policies with NIS2 Directive requirements in collaboration with Legal and Compliance.
• Conduct quarterly enterprise risk assessments, maintain the Enterprise Risk Register, and track risk treatment actions to closure.
• Coordinate and support external audits, ensuring timely evidence submission and zero major non-conformities.
2. Security Operations & Incident Response
• Act as a central point of contact for IT Security queries and advisory support to business and IT teams.
• Leverage Threat Intelligence tools and platforms to monitor emerging threats, vulnerabilities, and indicators of compromise (IOCs) relevant to the organization.
• Analyze threat intelligence feeds and reports to proactively identify risks, recommend mitigations, and enhance detection and response capabilities.
• Support security incident and data breach response, including investigation, documentation, root cause analysis, and post-incident reviews.
• Perform quarterly firewall rule, port, and application access reviews for critical systems.
• Conduct annual application security reviews, managing exceptions, compensating controls, and remediation tracking.
3. Policy, Awareness, and Stakeholder Collaboration
• Lead annual global security and privacy policy reviews, ensuring alignment with regulatory, contractual, and organizational requirements.
• Drive security and privacy awareness initiatives, including Cybersecurity Awareness Month and monthly “Knowledge Bytes.”
• Collaborate closely with IT, Legal, Privacy, Data, and Business stakeholders to embed security-by-design and privacy-by-design principles.
4. Strategic Security Initiatives & Capability Building
• Support SIEM optimization, ensuring comprehensive log onboarding from critical assets and use cases.
• Assist with deployment and maturity of DLP and other security technologies, using milestone-based delivery and reporting.
• Complete RFPs, vendor security assessments, and third-party risk questionnaires.
• Maintain and update the Project Security Manual on a quarterly basis, ensuring alignment with security, privacy, and AI governance requirements.
5. Privacy Governance (PIA / DPIA, ROPA)
• Support execution of Privacy Impact Assessments (PIA/DPIA) for new and existing systems, processes, and high-risk data processing activities.
• Maintain and periodically review the Record of Processing Activities (ROPA) in coordination with Privacy and Business teams.
• Ensure security controls and processes support key privacy principles, including data minimization, purpose limitation, retention control, and secure processing.
• Assist in managing privacy incidents and breaches, including impact assessment, evidence collection, and regulatory notification support under GDPR, DPDP, and NIS2.
6. AI Governance and Emerging Technology Risk
• Support the implementation of AI governance controls, including risk assessment, classification, and documentation of AI/ML use cases.
• Assist in conducting AI risk and impact assessments, ensuring alignment with security, privacy, ethical, and regulatory expectations.
• Collaborate with IT, Data, Legal, and Business teams to ensure responsible AI practices, including transparency, accountability, and security-by-design.
• Maintain documentation and evidence to support AI governance audits, internal reviews, and regulatory readiness.
Required Qualifications:
• Bachelor’s degree in Information Security, Computer Science, or a related field.
• 2–8 years of experience in IT security, with exposure to GRC, privacy, and operational security.
• Strong working knowledge of ISO 27001, NIS2, GDPR, DPDP, enterprise risk management, and privacy governance practices.
• Practical experience with SIEM, DLP, vulnerability management, identity and access management, and security monitoring tools.
• Excellent analytical, documentation, and stakeholder engagement skills.
Preferred Qualifications:
• Certifications such as ISO 27001 Lead Auditor/Lead Implementer, CIPP/E, CEH, Security+, SSCP, or equivalent.
• Experience supporting PIA/DPIA, ROPA, and privacy governance programs across regions.
• Exposure to AI governance, responsible AI frameworks, or emerging technology risk management.
- Business area: Enabling Functions
- Role: CISO
- Locations: Hyderabad
About Columbus India
Columbus is a consultancy company focused on helping organizations drive business value by advising, creating, and advancing the entire business. We deliver digital value through human intelligence, enabling our customers to innovate and grow.