Analyst II, Information Security

About the role

Part of the Assurance and Testing function, the team supports a global project portfolio spanning ISO 27001 certification, TISAX, and Cyber Essentials across 30+ locations. It maintains a robust presence in key hubs such as Gurgaon, Mumbai, Chennai, Pune, Bangalore, and the Philippines.

Responsibilities

• Execute Information Security Management System implementation and audit projects in alignment with ISO/IEC 27001:2022 and TISAX requirements.
• Identify and assess risks to digital information by leading risk assessment activities and collaborating with stakeholders to implement appropriate risk mitigation measures.
• ISO/IEC 27001:2022 Lead Auditor or Lead Implementer certification is mandatory, with additional information security certifications such as CISA, CISM, CISSP, CRISC, Security+, or equivalent considered an added advantage.
• Support external certification, surveillance, and client audits by coordinating evidence requests, stakeholder discussions, audit walkthroughs, and management responses.
• Assist in defining, maintaining, and reviewing ISMS documentation, policies, procedures, risk registers, Statements of Applicability, audit reports, and corrective action plans.
• Prepare audit summaries, status updates, remediation trackers, and management reports.
• Identify opportunities to enhance security processes and procedures and support continuous improvement across the information security program.
• What you bring:
• 3-4 years of hands-on experience in implementing and auditing Information Security Management Systems aligned with ISO/IEC 27001 standards.
• Practical understanding of ISO/IEC 27001 requirements, the ISMS lifecycle, Annex A controls, risk assessment, internal audit, corrective actions, and continual improvement.
• Experience in preparing, reviewing, and maintaining ISMS documentation and audit evidence, along with the ability to perform control reviews, identify gaps, document observations, and support remediation tracking
• Working knowledge of information security domains, including access control, asset management, data protection, incident management, supplier security, business continuity, and vulnerability management.
• Exposure to SOC 1/SOC 2, PCI DSS, IT General Controls, privacy, cloud security, third-party risk management, or regulatory compliance assessments would be added advantage.
• Familiarity with security governance tools, risk assessment platforms, audit tracking tools, or GRC solutions.
• What we offer you :
• An exciting opportunity be a part of World's Leading FinTech Product MNC
• To be a part of vibrant team and to build up a career on core banking/payments domain
• A multifaceted job with a high degree of responsibility and a broad spectrum of opportunities
• A broad range of professional education and personal development possibilities - FIS is your final career step!
• Privacy Statement
• FIS is committed to protecting the privacy and security of all personal information that we process in order to provide services to our clients. For specific information on how FIS protects personal information online, please see the Online Privacy Notice .
• Sourcing Model
• #pridepass

Additional Information

Are you curious, motivated, and forward-thinking? At FIS you'll have the opportunity to work on some of the most challenging and relevant issues in financial services and technology. Our talented people empower us, and we believe in being part of a team that is open, collaborative, entrepreneurial, passionate and above all fun.

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at fis? Share your experience