Lead Info Security Analyst IND

FM India

Bengaluru | Full-time | Mid Level | On-site

Job Description

About us: We are a highly successful 190-year-old, Fortune 500 commercial property insurance company of 6,000+ employees with a unique focus on science and risk engineering. Businesses worldwide trust our expertise to protect their assets, relying on our comprehensive risk assessments and robust, engineering-based insurance solutions to safeguard against fire, natural disasters, and other perils. Serving over a quarter of the Fortune 500 and major corporations globally, we deliver data-driven strategies that enhance resilience, ensure business continuity, and empower organizations to thrive.

FM India is a strategic location for driving our global operational efficiency. Our presence in India allows us to leverage the country's talented workforce and advance our capabilities to serve our clients better. We have diverse corporate functions that emphasize research, advanced technologies like AI and analytics, risk engineering, research, finance, marketing, HR, etc., working together to provide innovative solutions and nurture lasting relationships from co-workers to clients.

Role Title: Lead Info Security Analyst IND

Job Responsibilities:

Coordinate and support responses to global regulatory exams, client cybersecurity questionnaires, and external compliance inquiries by partnering with Information Security & Risk Management, IT, and business stakeholders to gather, validate, and document supporting evidence. Track and manage incoming requests, ensuring responses are complete, accurate, and delivered within required timelines. Translate technical control information into clear, concise, and externally appropriate responses tailored to regulators and clients, ensuring consistency with supporting evidence and control documentation.

Support responses to follow-up questions, clarifications, and additional evidence requests. Map internal security controls to global regulatory requirements and industry frameworks (e.g., NIST CSF, CIS 8.1, and regional regulations such as APRA, IRDAI, GDPR, DORA, NYDFS). Identify and document gaps between existing controls and regulatory expectations and recommend improvements.

Support tracking and reporting of remediation activities related to identified gaps. Support preparation of regulatory reports, internal summaries, and compliance status updates. Monitor changes in global cybersecurity and privacy regulations and assess potential impacts to the organization.

Serve as a central coordination point for regulatory and client assurance activities. Collaborate with Information Security, IT, Risk Management, Legal, and business stakeholders to collect information and drive alignment. Performs research and analysis regarding security threats, vulnerabilities, mitigating strategies, and industry trends.

From this analysis, recommends specific actions and implementation strategy to address high-risk program gaps, control deficiencies or Policy / Standard improvements. Performs security assessment of third-party providers to ensure that they have the contractual, operational and technical programs in place to adequately protect Restricted and Highly Restricted information. Provides results of assessment and security consultation to third party and management regarding security risks and recommended improvement expectations.

Leads, maintains and positively influences enhancements to security program, standards, supporting documents, solutions and frameworks. Ensures that improvements include stakeholder support, are communicated well and implemented effectively. Ensures that security services and activities are delivered according to expectations related to quality, customer focus, timeliness and metrics reporting. Successfully develops relationships with business associates and with peers in Information Services to create trust and a positive, collaborative work environment.

Proven success in influencing positive outcomes in difficult situations.

Skill and Experience:

5-8 years of experience required to perform essential job functions. Additional Experience Qualifier (optional): Minimum of five (5) years of experience in information technology or business analysis, security, risk, audit, or regulatory compliance, with at least three (3) years in an information security specific field, such as user access management, computer forensics, network perimeter security, incident response, system security, risk, audit, or other related discipline.

TECHNICAL SKILLS:

Working knowledge of MS Office suite, especially MS Word and Excel. Expertise in at least one security, technical or risk discipline, demonstrated by relevant industry certifications. Ability to leverage various trusted sources of information (articles, webinars, Internet, etc.) to gain accurate knowledge of current security threats, vulnerabilities, and mitigating strategies to address them, and then recommend and implement appropriate solutions for the organization.

Must Have Skills:

Cybersecurity Regulatory and Client Compliance: Hands-on experience responding to regulatory exams, audits, and client security assessments, including coordinating evidence collection and developing clear, defensible written responses.

IT Security Control: Global Regulatory Familiarity: Practical experience supporting or interpreting regional cybersecurity regulations, with emphasis on APAC frameworks such as APRA, MAS, and IRDAI, or similar international regulatory regimes.

Control Framework Mapping and Evidence Management: Strong ability to map security controls to industry frameworks (for example NIST CSF, ISO 27001, CIS 8.1, SOC-aligned controls), assess effectiveness, and manage supporting documentation.

Independent Execution and Judgment: Proven ability to manage work independently, prioritize competing demands, and deliver accurate, timely outputs with minimal supervision.

Clear Written and Verbal Communication: Ability to translate security and control information into clear, concise responses suitable for regulators, auditors, clients, and internal stakeholders.

SOFT SKILLS:

Strong verbal and written communication skills, with the ability to translate technical security concepts into clear, concise responses for regulators, clients, and business stakeholders.

Strong organizational and time management skills, with the ability to manage multiple concurrent requests and deadlines. High attention to detail, particularly in documentation quality and accuracy of responses. Strong stakeholder management and collaboration skills, with the ability to work effectively across Information Security & Risk Management, IT, Risk, Legal, and business teams.

Ability to work independently, prioritize competing demands, and deliver high-quality outputs with minimal supervision. Strong problem-solving and analytical skills, with the ability to interpret regulatory requirements and apply them in a practical, risk-based manner. Strong interpersonal skills. Coordinate and lead program activities with team members and other stakeholders. Excellent customer service skills. Works collaboratively or independently to deliver appropriate, quality initiatives within budget and on time. Must have a strong work ethic, great time management skills and a positive attitude.

TECHNICAL KNOWLEDGE:

Hands-on experience responding to regulatory exams, audits, or client security assessments, including evidence collection, control mapping, and response coordination.

Strong knowledge of operating systems, networks, and application development. Experience supporting or participating in IT general controls (ITGC) or cybersecurity control audits, with an understanding of audit expectations, testing approaches, and evidence requirements. Strong understanding of cybersecurity control frameworks such as NIST CSF 2.0 and CIS v 8.1, including experience mapping controls to regulatory requirements. Familiarity with global regulatory requirements across regions (e.g., APAC, EU, US), including regulatory bodies such as APRA, IRDAI, OFSI, or MAS.

Experience identifying control gaps, assessing compliance against regulatory expectations, and supporting remediation tracking. Ability to develop and maintain clear, accurate, and audit-ready control documentation and supporting evidence. Good understanding of computer vulnerabilities, hacker methodologies and other threats. Expertise in Information Security risk and project control assessment methodologies or similar experience gained elsewhere. Expertise in Solution Development Processes (SDP) or similar experience gained elsewhere.

Education and Certifications:

4-year / bachelor's degree required.

Preferred certifications: CISA, CISM

Work location: Bengaluru

Posted Today
