Senior Insider Threat Analyst

About TMF Group
TMF Group helps its clients operate internationally and belong wherever they are in the world. Our work includes helping companies of all s with business services such as HR and payroll, accounting and tax, corporate secretarial, global governance and administration and fiduciary services for structured finance, private equity and real estate investments.
TMF Indiais a Great Place to Work, ISO & ISAE certified organization.
About the Role:
We are hiring a Senior Insider Threat Analyst to work in our growing IT Security team. The team is responsible for prevention of insider risks, data protection, and global vulnerability management of the organization. To do well in this role, one should have an engineering bachelor's degree in computer science or IT and relevant experience in the cyber security portfolio.
Job Responsibilities:
Infrastructure Management:

• Monitor the infrastructure stability for various cyber security platforms for data protection, insider risks and global vulnerability management.
• Periodic upgrades for server basis its need.
• Integrations of security tools with different platforms and the factors to be considered for cloud based and on-prem infrastructure.
• Checking periodic Health Check reports from analysts and ensuring good health of the infrastructure.
• Ensuring all company assets are under monitoring of our data protection and vulnerability management controls.

DLP & Data Protection Management:

• Validating the DLP alerts highlighted by analysts and escalating the same if it qualifies as an incident.
• Updating DLP policies basis inputs from the analysts and business stakeholders.
• Ensuring DLP policies are in line with the business and customer requirements.
• Management of various data protection platforms like Business Email Compromise and External email user warnings.

Incident Management:

• Assist L1 analysts with the handling of cyber security alerts and various incidents from different technology platforms.
• Assist the group with effective management and closure of incidents by implementing corresponding escalation procedures.
• Reviewing the Incident Management Process periodically, fixing process gaps, if any.
• Ensuring incidents are closed within their designated timelines and are actioned as per the set procedures.
• Ensuring all factors are considered at the time of closing an incident.

Management of Vulnerabilities & Other Attack Vectors:

• Keeping an eye on the critical vulnerabilities and attacks and running scans on VA tools to assess Company's network.
• Report the critical and High severity vulnerabilities to respective groups and get them fixed within the defined timelines.
• Monitor the infrastructure for various attack vectors and work on remediation.

Management of Security Awareness Program & its Effectiveness:

• Monitoring the success/completion rate for security awareness trainings within the organization by combining user related reports from different platforms.
• Publishing and arranging periodic awareness alerts, videos, and posters for the internal audience.
• Running internal phishing simulations for the Company's internal audience by determining the latest and critical phishing scams across different industries monitored via various public platforms.

Management Reporting & Analytics:

• Create various reports for the management and leadership.
• Recommend effective process changes to enhance defense and response procedures.

Skillset & Requirements for the Role:

• Engineering Bachelor's/Master's degree in computer science or related field.
• Experience in information security or related field.
• Have advanced level of knowledge and hands on experience in core Cyber Security Concepts like:
• Vulnerability Management tools like Tenable and ORCA
• Data Leakage Prevention tools like Forcepoint etc.
• Data Protection techniques and human layer risk
• Various attack vectors
• Integrations of security tools with different platforms and the factors to be considered for cloud based and on-prem infrastructure
• Security Awareness techniques and modes of improvement
• Awareness on Phishing campaigns and modes to run them effectively
• Provide technical expertise to staff on security incident monitoring, triage, response, threat & vulnerability management, and security analysis.
• Identify indicators of compromise (IOC) or Indicators of Attack (IoA) that need further investigation and develop use cases and rules.
• Fix detected vulnerabilities to maintain a high-security standard.
• Good understanding and hands on experience on various reporting platforms including advanced level MS-excel understanding.
• Stay current on IT security trends and news.
• Research security enhancements and make recommendations to management.

What's in it for you
Pathways for career development

• Work with colleagues and clients around the world on interesting and challenging work.
• We provide internal career opportunities, so you can take your career further within TMF.
• Continuous development is supported through global learning opportunities from the TMF Business Academy.

Making an impact

• You'll be helping us to make the world a simpler place to do business for our clients.
• Through our corporate social responsibility program, you'll also be making a difference in the communities where we work.

A supportive environment

• Strong feedback culture to help build an engaging workplace.
• Our inclusive work environment allows you to work from our offices around the world, as well as from home, helping you find the right work-life balance to perform at your best.

Other Benefits

• Marriage Gift policy
• Paternity & Adoption leaves
• Interest free loan policy
• Salary advance policy
• Covid support taskforce
• Well being initiatives