Posted By

InfoSec Risk

at

Last Login: 02 May 2014

Job Views: 2847
Applications:  162
Recruiter Actions:  72

Posted in

IT & Systems

Job Code

141936

Associate/Specialist - IT Security - BFSI

2 - 8 Years. Delhi NCR
Posted 10 years ago

Basic Function

The ideal candidate will have expert knowledge in conducting IT risk assessments, business impact analysis and IT systems recovery analysis; performing disaster recovery/business continuity planning documentation, reviews and updates; application security testing / application vulnerability assessment / network security assessment; conducting vendor risk assessment reviews; conducting information security audits and regulatory compliance audits; implementing ISO 27001 / PCI DSS / NIST / HIPAA best practices; and participating in SOX 404 compliance. The person should support the Application Vulnerability Testing (AVT) Program activities, which include process tracking, status tracking, findings creation and updates for AVT, and some meeting management.

The candidate must be able to communicate clearly, both in writing and orally, and present products and ideas in a business-like manner. Strong interpersonal skills are required due to continual interaction with clients, managers, and users with varying technical backgrounds in a fast-paced work environment.

Essential Functions

- Conducting IT Risk assessments, Business impact analysis and IT systems recovery analysis

- Performing disaster recovery/business continuity planning documentation, reviews and updates

- Application security testing / Application vulnerability assessment/Network security assessment

- Conducting vendor assessment reviews

- Conducting information security audits and regulatory compliance audits

- Solution architects creating information security solutions

- Implementing BS 7799 best practices & participating in SOX 404 compliance.

- Knowledge of assessment tools like Archer, LDRPS, etc

- Knowledge of standards like ISO 27001, PCI DSS, HIPAA, NIST, OWASP, BS 25999, etc

- Certifications like CISSP/CEH/CISA/CRISC/ISO 27001/BS 25999 etc

- Good internetworking and communication skills

- Worked on international projects

- Team player and have leadership qualities

- Proficiency in Vulnerability and Threat Management best practices

- Experience with programming/scripting languages (e.g. Ruby, Python, Perl, etc.)

- Security Incident response

- Operational IT administration (i.e. vulnerability management, systems administration)

- Strong customer service and communication skills required

- Ability to develop and implement security procedures and controls

- Qualys / CORE Insight

- Schedule and run scans

- Maintain asset groups

- Track remediation

- Develop and implement reporting and metrics

- Distribution of reports globally

- Ad-hoc scanning as requested

- Penetration Testing

- Track remediation

- Track emerging threats and trends in Organisation's vertical

- Provide management status reports and escalations on all TVM requests and incidents

- Testing of security devices and controls (e.g. IDS, DLP, Firewalls, etc.)

Incident Response

- Log analysis

- Tracking of open issues

- DLP

- IDS

- Device outages

- Monitor security mailbox

- Reporting/Metrics (Weekly/Monthly)

- DLP

- EPO

- Symantec/Verizon

- Develop Reporting Dashboard

Primary Internal Interactions

- Manager for the purpose of reporting performance, escalation handling, clarifying concerns, seeking feedback, monthly evaluation of performance and support.

- Administrators & Engineers for the purpose of seeking cooperation & clarification on process-related matters & providing assistance and support when required.

- Subject Matter Expert for the purpose of work thread related issues and escalated transactions.

- Stateside Team SMEs for the purpose of feedback and audit.

- Trainers for the purpose of pre-process and process training.

Organizational Relationships

Reports To: Manager – IT Risk Assessment

Supervises: 0

Skills

Technical Skills

- Good computer navigation skills

- Good keyboarding speed

- Basic computer skills (Lotus Notes, Windows), keying speed and accuracy, and written communication skills required

Process Specific Skills

- Knowledge of assessment tools like Archer, LDRPS, etc

- Knowledge of standards like ISO 27001, OWASP, BS 25999, etc

- Certifications like CISSP/CEH/CISA/CRISC/ISO 27001/BS 25999 etc

Soft skills (Minimum)

- Communication skills – should be able to read and interpret business documents.

- Possesses a positive attitude to create an "easy to do business with" environment for the Organization's internal/external customers.

- Escalate issues if required

- Teamwork / Managing Self / Adaptability

- Ability to work successfully in a production-driven environment

- Adaptability to change

- Customer Service Orientation – Possesses the desire and focuses efforts on discovering, meeting and exceeding the customer's or client's needs.

Soft Skills (Desired)

- Self-disciplined and result-oriented

- Ability to multitask and to adapt to and work effectively with a variety of situations, individuals, or groups.

Education Requirements

A Bachelor's degree in Computer Science / Information Technology or related field of study
