InventOnUs - Information Security Consultant

Information Security Consultant

- Roles & Responsibilities :

1. As an Auditor, your job role will be planning, organizing and performing internal audits and handling the audit end to end for various compliance such as ISO 27001, RBI, SEBI, ITGC, NIST, PCI DSS.

2. Manage risk assessment of internal processes and develop risk and control matrix (RCM) in line with COBIT, ISO, and ITIL best practices and recommendations

3. Document control testing procedures, results and findings

4. Review IT controls around user access management, change management, backup and restoration management, SDLC, database and operating system baseline security, and incident management.

5. Evaluate SOC reports (Type I and II) of service organizations, and report on IT control issues and gaps to IT Controllership.

6. Report audit/assessment results, remediation plans, timelines and key metrics to management

7. Assisting with the support & ongoing maintenance of the ISO 27001 ISMS certification.

8. As a Consultant, review of policies and procedures by co ordinating with various stakeholders.

9. Perform pre and post-implementation reviews of system implementations or enhancements.

10. Evaluate information general computing controls and provide value-added feedback. Test compliance with those controls. Coordinate with ISO 27001, HIPPA, EHNAC, PCI, HITRUST and IT teams as applicable.

11. Planning and developing security policy and standard documents.

12. Privacy Framework Implementation.

- Desired Qualification and Skills :

1. Having good communication skills.

2. Bachelor or Master's degree, preferably in Computer Science or any related field of expertise.

3. Must have certifications such as ISO 27001 LA/CISA/CISM.

4. Experience with security and standards frameworks especially Implementing and auditing ISO/IEC 27000 series, NIST Cybersecurity Framework, PCI DSS, HIPAA, RBI Guidelines, SEBI Guidelines etc.

5. Strong understanding of security principals: audit, policies, guidelines, and compliance.

6. Deep understanding of infrastructure (data centre, network end user computing) security / cloud security / managed security services / security operations centre / compliance risk management.

7. Continuously looking to grow and develop your technical and professional skills with a commitment to build and grow your cybersecurity career to the next level.

8. Excellent written and communications skills for both technical and non-technical stake holders.

Good teamwork and time management skills.