IT Security Analyst - FMCG

JOB TITLE: IT Security Executive 1C

JOB LOCATION: Bangalore

DEPARTMENT: IT

RESPONSIBILITIES:

Provide SME guidance on incident analysis, root cause analysis and problem resolution for security and compliance matters.

Assist in the response to security events and escalations

Adhere to and improve upon company policies and procedures on incident management, malware analysis, forensics analysis and used of information security tools and information

Maintain current knowledge of information security trends, threats and responses

Participate in all aspects of Information Security Operations including on-call duties when necessary.

Conducts IS risk analysis in accordance with current IS Risk Management Framework including new IT products and services, third-party vendors, and internal systems and processes.

Evaluates and recommends controls to mitigate identified risks to acceptable levels

Recommends, maintains, and implements IS risk management frameworks, assessment methodologies, and tools.

Provides assistance to IT Audit, Internal Audit, and other departments regarding IS Risk Management issues and controls, including reviews of assessments conducted by other organizations.

Monitors risk notifications from vendors and assists with appropriate documentation and response.

Monitors and guides suppliers and liaisons regarding their compliance to standards.

Works alongside Suppliers to ensure Sarbanes-Oxley related activities are compliant.

Reviews, evaluates and communicates SOC1 report results and works with Supplier to ensure mitigation plans are delivered to satisfaction.

REQUIREMENTS:

Desired: CISSP, CISA, CRISC, CISM or other equivalent information security or risk management certification.

Knowledge of laws and regulations impacting data protection and confidentiality, integrity and availability of systems and data, including HIPAA, HI-TECH, Sarbanes-Oxley, and state regulations.

Strong knowledge of recognized information security-related standards such as ISO-CobIT, and NIST

Strong analytical, planning, creative problems solving and multi-tasking skills

Strong Interpersonal skills to interface with internal and external parties in a professional manner that creates confidence in his/her subject matter expertise and helps foster resolution of risk gas and issues

Knowledge of how technologies, processes and controls impact risk in both the information systems and corporate business environment and ability to translate security and operational controls into business risk

Requires knowledge of information security, access controls, application and platform controls, data protection and cryptography, operations security, disaster recovery andphysical security controls

Familiarity with the following technologies: SIEM, Active Directory, Microsoft Windows, Linux/Unix, Oracle, RBAC, CyberArk.

Familiarity with ISO27001 certification.