The Opportunity

- Build, deploy, maintain, and enforce information security risk management standards, policies, and procedures to maintain and enhance the compliance posture within RapidAPI

- Work along with the CIO for the customer, partner, and vendor InfoSec audits and risk assessments, communicate results to information security stakeholders or business partners and ensure remediation of outstanding issues

- Perform internal risk assessments and analysis to identify opportunities to improve risk posture, and develop solutions for remediating or mitigating risks and assessing residual risk

- Monitor security vulnerabilities, threats, and events in network and host systems

- Develop strategies to handle security incidents and coordinate investigative activities to promote a culture of information security throughout the organization, providing subject matter expertise, guidance, and training

- Prepare financial forecasts for security operations and proper maintenance cover for security assets

- Prioritize security projects based on costs, benefits, resources, and alignment with business goals

- Execute regular Information Security Audits to ensure compliance with existing Information Security policies and identify areas for improvement

- Responsible for conducting regular VAPT tests over the on-premise as well as the cloud infra

Necessary Skills and Experience

- Experience with Information Security or related field

- Strong knowledge of security risk management frameworks including related regulatory compliance requirements (e.g. NIST CSF & 800-53, ISO27001, SOC, HITRUST, HIPAA, FedRamp, PCI, GDPR)

- Has led and built audit and InfoSec compliance frameworks

- Demonstrated understanding of qualitative vs. quantitative risk management to determine, evaluate, and report on technology risk levels at the project and enterprise level

- Strong oral and written communication skills with the ability to communicate complex concepts in simple terms for key stakeholders

- Ability to manage security on cloud platforms like AWS, GCP & Azure

- Experience in working with any leading SIEM tools like Splunk, Sumologic, Cloudflare Qradar, LogRhythm, ArcSight, etc.

- Experience in other security applications in the areas of EDR, Proxy, DLP, IDS, IPS & endpoint security

This job opening was posted long time back. It may not be active. Nor was it removed by the recruiter. Please use your discretion.