It’s never been a more exciting time to join Vistra.
At Vistra our purpose is progress. We believe that our clients have the power to change the world and to do great things for global progress, and we exist to remove the friction that comes from the complexity of global business – to help our clients achieve progress without friction.
But progress only happens when people come together and take action. And we’re absolutely committed to building a culture where our people can do just that.
We have an exciting opportunity for you to join our team as Information Security Analyst. Reporting to the Head of Department, this full-time and permanent position is based in Mumbai, India, and offers regional coverage, allowing you to make a significant impact on our Cyber Security Department and its growth.
Purpose of Role
As Information Security Analyst at Vistra you’ll be responsible for strengthening our technology governance and compliance program to ensure adherence to regulatory & customer requirements and industry best practices. This is an individual contributor role where you will partner across corporate, operations, and technology teams to implement practices to enhance our processes related to tech & third-party risk management, business continuity planning, and internal/external audit engagement.
Key Responsibilities
• Adhere to, prioritize, plan, and execute risk and control assessment roadmaps through collaboration with technology, cybersecurity, legal, and compliance teams, including the ongoing resequencing of projects and assessments in the portfolio roadmap as priorities shift
• Ensure that necessary security due diligence/risk assessment of our vendor/third-party portfolio is maintained
• Act as a key contact point for external auditor activity/assessments and customer security due diligence requests
• Support compliance with cybersecurity frameworks including NIST, ISO 27001/2 and ISAE; experience with regulations such as China CSL, GDPR and PDPA is an advantage
• Facilitate the processes necessary to ensure that we have effective disaster recovery (DR) & business continuity (BCP) to overcome technology disruptions
• Update our security risk register reflecting learnings and opportunities identified
• Continuously support evaluation of the organization’s existing security and compliance practices, define and measure security-related activities, and demonstrate concrete improvements to the application assurance program within the organization
• Support and facilitate testing of our business continuity and disaster recovery plans with appropriate business and technology stakeholders
Attributes/Technical Skills
Core Competencies:
- 2-5 years of experience in information security, GRC, BCP/DR, and/or risk management
- Exposure to participating in/implementing security compliance programs
- Exposure to one or more GRC tools
- Good experience of relevant control frameworks such as ISO, NIST, CIS etc.
- Ability to work both independently and collaboratively with peers, across virtual teams, and with management across different countries and cultures.
Technical Skills Required:
- Information Security Management: Profound knowledge of information security principles, frameworks (e.g., ISO 27001, NIST), and regulations (e.g., GDPR).
- Business Continuity and Disaster Recovery Planning: Experience in testing BCP and DR plans. Understanding of new regulations, e.g. DORA.
- Risk Assessment and Management: Experience in conducting risk assessments, audits, and applying risk management strategies.
- IT Systems and Network Security: Basic understanding of IT infrastructure, network security, and the various threats posed to them.
- Languages: Proficiency in English is required to cater to the specific regional focus in Asia, particularly for effective communication and training delivery.
Relevant Experience
Essential Experience:
- Years of Experience: 2-5 years of experience in information security, GRC, BCP/DR, and/or risk management
Type of Experience:
- Proven track record in supporting development of information security policies and procedures within a global organization.
- Hands-on experience with Business Continuity Planning (BCP) and Disaster Recovery (DR) processes. Experience in conducting risk assessments, managing audits (internal and external), and compliance checks with information security standards (e.g., ISO 27001, NIST), alongside understanding of IT and network security principles.
- Effective communication skills
Desirable Experience:
Type of Experience:
Contributions to the development and maintenance of information security frameworks and certifications within an organization.
Education and Professional Qualification
Educational Background:
A bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field is required.
Demonstrable knowledge and understanding of information security frameworks and standards such as ISO 27001, NIST, or similar.
Company Benefits:
At our Vistra India office, we believe in putting our employees’ well-being first! We offer a hybrid working arrangement. Additionally, we provide attractive insurance benefits, excellent job exposure and career prospects.
If you are excited about working with us, we encourage you to apply or have a confidential chat with one of our Talent Acquisition team members. Our goal is to make this a great place to work where all our people can thrive. We hope you join us on this exciting journey!
- Posted: Dec 13, 2024
- Type: Full-time
- Level: Associate
- Location: Mumbai
- Company: VISTRA