Gleren Technologies
Website: gleren.com
Job details:
Summary -
We are seeking a highly motivated and detail-oriented Information Security Analyst, available to join immediately, to strengthen and enhance our client’s information security posture. The ideal candidate should have hands-on experience implementing and managing ISO 27001 and SOC 2 compliance frameworks from the ground up, including policy development, risk assessments, audit coordination, and control implementation.
This role requires close collaboration with cross-functional teams to ensure compliance with security standards, support ongoing governance initiatives, manage security operations activities, and respond to client security assessments, RFPs, and due diligence requests. The candidate should possess strong analytical skills, a proactive approach to risk management, and the ability to drive security and compliance initiatives independently in a fast-paced environment.
Key Accountabilities
Operational
- Lead the end-to-end ISMS and SOC 2 implementation program for customers
- Expertise in conducting internal audits, risk assessments, and gap analyses
- Expert understanding of and hands-on experience with the ISO 27001 standard requirements and SOC 2 trust principles
- Work closely with the client team for creation of the document library and audit packs
- Track and report implementation status, govern the management meetings and report the status to client leadership
- Develop, implement, and maintain the Information Security Management System (ISMS)
- Execute Information Security and SOC 2 remediation plans
- Document and walk through the Information Security policies, procedures, standards, and baselines
- Drive ISO 27001 and SOC 2 certification and audit readiness activities
- Maintain security documentation including policies, standards, procedures, and evidence repositories
- Respond to client and prospect security questionnaires, RFPs, RFIs, and due diligence requests with accurate and compliant information
- Collaborate with internal stakeholders including IT, Legal, Compliance, Product, Engineering, and Sales teams to support security and compliance requirements
Developmental
- Stay updated on emerging cybersecurity threats, technologies, and compliance requirements
- Continuously enhance and maintain the organization-wide ISMS methodology aligned with industry best practices
Key Responsibilities
- Develop, implement, maintain, and continuously improve the ISMS framework based on ISO 27001:2022 requirements
- Conduct security audits, gap assessments, and compliance reviews to identify vulnerabilities and control gaps
- Perform risk assessments and maintain risk registers and risk treatment plans
- Review and assess security controls against frameworks such as ISO 27001, SOC 2, and GDPR
- Prepare audit reports, risk assessments, compliance dashboards, and management presentations
- Coordinate with internal teams to implement corrective and preventive actions for identified findings
- Track remediation activities and ensure timely closure of audit observations and security risks
- Support internal and external audits, certification activities, and evidence collection processes
- Conduct security awareness and compliance training sessions across the organization
- Work closely with Engineering, Product, Legal, Customer Success, and Operations teams to integrate security best practices into business and development processes
- Own and manage responses to client security assessments, questionnaires, RFPs, RFIs, and third-party audits
- Maintain repositories of security policies, certifications, standard responses, and audit evidence artifacts
- Support Sales and Pre-sales teams by addressing customer security and compliance requirements
- Assist in business continuity, disaster recovery, and incident response planning activities
Qualifications
- Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field
- 4-7 years of hands-on experience in Information Security, Compliance, or ISMS implementation, preferably within SaaS or technology environments
- Proven experience implementing and managing ISO 27001 and SOC 2 compliance programs
- Strong understanding of information security frameworks, governance models, and regulatory requirements
- Experience conducting risk assessments, internal audits, and remediation tracking
- Excellent analytical, documentation, communication, and stakeholder management skills
- Relevant certifications such as CISA, CISSP, CISM, ISO 27001 Lead Implementer, or Lead Auditor are preferred
Must-have Skills
- Hands-on experience with Internal Audits and Risk Assessments
- Experience with compliance automation and GRC tools such as Drata or Vanta
- Strong understanding of Business Continuity and Disaster Recovery processes
- Experience reviewing and maintaining Information Security policies and procedures
- Experience handling client security assessments, vendor risk questionnaires, and RFP responses
- Ability to independently drive security and compliance initiatives in a fast-paced environment
- Strong attention to detail with a proactive and solution-oriented approach to risk management