ControlCase - Information Security Consultant - IT Auditor/Assessor

We are looking for IT Auditors for our Certification and Compliance Team to be based out of our Mumbai (Andheri East) office.

ControlCase is a global provider of Compliance as a Service (CaaS), enterprise software and services company. We are headquartered in the United States, with locations in North America, Europe, Asia/Pacific and the Middle East. ControlCase offers Governance, Risk and Compliance Service for various types of security certifications including PCI, HIPAA, HiTrust, EI3PA, SOC1, SOC2, NIST, and others.

- The IT Auditor performs security assessments of client IT environments against various PCI SSC standards and regulations including PCI DSS, PA-DSS, P2PE etc. He/She performs these assessments both remotely and at client sites, gathering evidence of controls in place to assess the controls and identify gaps.

RESPONSIBILITIES

- Interface with clients to review and analyze complex systems (Applications, operating systems, databases, and Networking devices), to identify risks and vulnerabilities within the client environments

- Able to analyze cardholder data flows (business and application data flows) and accordingly identify the risks to cardholder data

- Provide in-house training to clients on PCI DSS awareness

- Work independently to collect, consolidate and analyze evidences of clients PCI DSS compliance and meet the internal quality assurance requirements

- Produce final reports on compliance to detail the controls observed during security assessments in accordance with various security standards and regulations (PCI DSS, PA-DSS, P2PE.)

- Extensive travel to client sites as needed

DESIRED SKILLS

- At least 5 years' overall experience in information security

- Ability to review network device (Firewalls/ Switches/ Routers/ IDS/IPS/ Load Balancers etc.) configurations and analyze network architectures

- Ability to review system hardening (Servers/ Virtualization Devices/ Cloud Infrastructure/ Databases)

- In-depth knowledge and experience in IT Security, including access controls, network Security, logging/monitoring, vulnerability assessments, system hardening, secure software development, application security, encryption and key management best practices etc.

- In-depth knowledge and experience with PCI DSS, Risk Management Standards (OCTAVE/ NIST/ISO)

- Either of the following certifications is mandatory: CISSP/ CISM/ CISA/ GIAC GSNA

- Good knowledge of common office tools

- Excellent in English - written and spoken

- Good project management and time management skills

- Valid Passport

WHAT YOU NEED TO DO NOW

If this looks like an opportunity you'd be interested in right now, please apply

If you feel you know someone who would be a good fit for this job, please feel free to pass along this job posting.