Job Responsibilities
- Responsible for reviewing, maintaining, and updating security policies, procedures, and standards/baselines.
- Support all accreditation programs such as ISO27001, ISAE 3402 Type II, SOC2 Type 2, PCI-DSS and others as may be needed.
- Work with different stakeholders including external auditors, business leaders, DPO, Legal, HR, and CIO teams to understand all critical security requirements.
- Drive security compliance monitoring.
- Risk assessment for information security and cyber risks.
- Adoption of global frameworks such as NIST Cyber Security and CIS.
- Support the Business Continuity program, including BC Plans, Crisis Management, etc.
- Perform internal security audits and manage certifications such as ISO 27001 and SOC.
- Perform security audits on application and IT infrastructure, including but not limited to network, operating systems (Windows and Linux), databases, access control, firewalls, IDS/IPS, Web Application Firewalls, proxies, cloud infrastructure (Azure and Amazon), web servers, data center, email infrastructure, VPN infrastructure, routers, backups, Disaster Recovery, and Endpoint Security.
- Third-party risk assessment.
Minimum Qualifications & Background
- 3-6 years of relevant experience.
- Undergraduate degree with one or more professional certifications: ISO27001 LA, CISA, CISSP, etc.
- Must have implemented ISO27001 standard at least once.
- Knowledge and understanding of ISO27001, ISO27002, ISO27017, ISO27018, PCI DSS, NIST cyber security standards, and CIS benchmarks.
- Must have performed audits of the cloud infrastructure.
- Knowledge and understanding of security related technologies and cloud security.
- Excellent written and verbal communication skills; documentation and presentation skills.