InfoSec Engineer II

Department: Engineering
Job posted on: Feb 23, 2026
Employment type: Defmacro FTE
Key Responsibilities
1. Compliance Operations & Audit Readiness
  • Demonstrate hands-on working knowledge of at least one major security framework (ISO 27001, SOC 2, GDPR, DPDP, etc.) and the ability to learn others quickly.
  • Interpret audit findings/NCs, identify compliance gaps, and drive closure independently with cross-functional teams (Infra, Engineering, Product, Legal, HR).
  • Maintain continuous readiness for internal/external audits through structured evidence management, document updates, and control monitoring.
2. Risk Management & Governance
  • Perform internal gap assessments, maturity assessments, and risk analyses mapping to ISO 27001/31000, NIST CSF, CIS, SOC2, DPDP.
  • Assist in building, implementing, and maintaining governance frameworks, security policies, SOPs, standards, and control libraries.
  • Create impact-oriented risk dashboards, KRIs/KPIs, and compliance scorecards for leadership.
3. Security Automation & Control Monitoring
  • Work with the Cyber Security Leader to automate recurring governance operations, including access reviews, evidence workflows, risk scoring, vendor assessments, and configuration audits.
  • Review and monitor security configurations for tools like MDM, DLP, EDR, IAM, CIEM, SSO, etc., and ensure deviations are tracked and remediated.
  • Build an AI governance layer and perform security reviews of AI use cases.
4. Third-Party/Vendor Risk Management
  • Conduct and maintain end-to-end vendor security reviews, DPAs, privacy assessments, and risk profiles.
  • Work with Procurement, Legal, and Engineering to onboard vendors and ensure contractual compliance with global standards.
5. Privacy, Global Regulations & Due-Diligence Support
  • Research new privacy/security laws (DPDP, GDPR, PDPL UAE/KSA, LHDN Malaysia, EU PDP, etc.) and translate them into actionable business requirements.
  • Respond to enterprise client security due-diligence questionnaires, RFPs, contractual clauses, and customer audits.
6. Awareness, Training & Culture
  • Plan and deliver employee security awareness initiatives—trainings, phishing drills, campaigns, newsletters, and behavioral insights.
  • Maintain documentation for incidents, BC/DR exercises, and compliance operations to support org-wide security culture.
Required Skills & Experience
  • Bachelor’s/Master’s degree in Computer Science, Information Security, Engineering, or related field.
  • 3–6 years of GRC, Security Governance, Compliance, Audit, or IT Risk Management experience in a SaaS or cloud-first environment.
  • Understanding of frameworks & standards: ISO 27001/31000, SOC 2, NIST CSF, CIS, COBIT, COSO.
  • Good familiarity with DPDP, GDPR, CERT-In, and sector-specific regulations.
  • High sense of ownership and accountability — able to independently take a task from requirement to completion without needing follow-ups.
  • Strong ability to translate compliance frameworks into actionable tasks and measurable controls.
  • Analytical mindset with strong documentation and problem-solving abilities.
  • Excellent communication skills for dealing with auditors, enterprise customers, and internal leadership.
