REF64276Z- Security Lead-Information Security-5-8Years || Mumbai

Company Description

WNS (Holdings) Limited (NYSE: WNS), is a leading Business Process Management (BPM) company. We combine our deep industry knowledge with technology and analytics expertise to co-create innovative, digital-led transformational solutions with clients across 10 industries. We enable businesses in Travel, Insurance, Banking and Financial Services, Manufacturing, Retail and Consumer Packaged Goods, Shipping and Logistics, Healthcare, and Utilities to re-imagine their digital future and transform their outcomes with operational excellence.We deliver an entire spectrum of BPM services in finance and accounting, procurement, customer interaction services and human resources leveraging collaborative models that are tailored to address the unique business challenges of each client. We co-create and execute the future vision of 400+ clients with the help of our 44,000+ employees.

Job Description

We are seeking a motivated Information Security and Risk Analyst to join our IT Security team. The ideal candidate will have a strong understanding of security principles, vulnerability management, and the ability to work with development and IT teams to mitigate and remediate security risks in applications and systems. This role will also provide support for security operations, audits, and security-related inquiries.

Key Responsibilities:

Security & Vulnerability Management:

• Penetration Remediation: Support remediation efforts for vulnerabilities identified during application penetration testing.

• Vulnerability Mitigation: Collaborate with IT teams to resolve vulnerabilities and recommend compensating controls.

• Vulnerability Scanning: Establish and maintain vulnerability scanning across networks to identify security weaknesses.

• Security Reviews: Conduct security reviews of applications, systems, and infrastructure, ensuring adherence to best practices.

Security Operations & Audits:

•Security Audits: Assist with internal and external audits, including reviewing security controls.

• Security Policies: Support the review and maintenance of IT security policies, ensuring alignment with industry standards.

• File Monitoring & UBA: Assist in managing file monitoring solutions and User Behavior Analytics (UBA) to detect and mitigate risks.

• File Encryption: Assist with managing and improving file encryption solutions across the organization.

Collaboration & Reporting:

• Cross-functional Collaboration: Work with IT and development teams to implement security measures.

• Security RFPs: Assist with answering security-related RFP questions, providing expertise on security requirements.

• Compensating Controls: Recommend compensating controls to address security gaps while minimizing risk.

Security Best Practices & Recommendations:

• Recommendations: Provide recommendations to improve security posture based on best practices and threat intelligence.

• Security Awareness: Promote security awareness across the organization to enhance overall security posture.

Triage & Incident Response:

• Alert Triage: Perform triage and analysis of security alerts to assess impact and determine appropriate actions.

• Incident Management: Assist in managing security incidents, including root cause analysis and threat mitigation.

Required Skills & Competencies:

• Core Values: Uphold values of Exceed to Service, Innovate to Generate, Trust to Succeed, Empowered to Achieve, Collaborate to Perform, Recognize to Reward, Play to Win.

• Collaboration: Ability to work independently or within a team and collaborate with various stakeholders.

• Communication: Strong written and verbal communication skills, able to explain complex security issues clearly.

• Time Management: Effectively prioritize and meet deadlines in a fast-paced environment.

• Analytical Thinking: Strong problem-solving skills and consultative approach to security challenges.

• Attention to Detail: Precision and accuracy in security reviews and audits.

• Calm Under Pressure: Ability to remain calm in high-pressure situations, proactively addressing security risks.

Qualifications

• Educational Requirements: o Associate’s degree in Cybersecurity, Information Technology, or a related field preferred. Certifications such as CISA, CISM, CISSP, Security+ are preferred.

• Experience Requirements: o Familiarity with PCI DSS, IT security processes, and security architectures.

 Experience in vulnerability assessments, penetration testing, and remediation efforts.

Familiarity with security tools for file encryption, UBA (User Behavior Analytics), and vulnerability management. Knowledge of security compliance standards, including PCI DSS, NIST, ISO 27001.