Hiring Manager at Jobaaj.com
Senior Associate - IT Advisory - Business Risk Services (2-4 yrs)
The incumbent is responsible for conducting/coordinating various IT Advisory Services such as ISMS Advisory, ITGC Audits, IT Risk Assessment including Third-Party Risk Assessment, VAPT, and IT Compliance Audits for various VOS Clients.
Required : 2-3 years of relevant experience in ITGC Audits, Third-Party Vendor IT Risk Assessment, Compliance Audits, and VAPT activities, etc.
Key Responsibilities :
- Reviewing existing IT controls and risks of Clients' IT Systems, Networks, and Applications and collaborating with them to devise and put in place seamless IT Security Policies and Procedures as per industry-standard security frameworks.
- Conducting internal ITGC Audits for Clients.
- Conducting Third-Party Vendor IT Risk Assessment for the Clients.
- Conducting Cloud Security Risk Assessment activities.
- Conducting/coordinating various IT Compliance Audits such as ISO 27001, ISO 22301, SSAE18 SOC1 Type I & Type II, SSAE SOC2 Type I & Type II, SOX, HIPAA, PCI-DSS, EU-GDPR, etc.
- Conducting/coordinating Vulnerability Assessment and Penetration Testing (VAPT) as well as Web Application Penetration Testing (WAPT) activities.
- Preparing IT Audit and IT Security Risk Assessment Reports along with recommendations for remediation of identified security gaps and vulnerabilities.
Required Candidate Profile :
Core Competencies (must have) :
- Broad background in multi-vendor networks, operating systems (Windows, Unix, Linux), firewalls, and IT security engineering concepts.
- Knowledge in Information Security or IT Risk Management.
- Exposure to working in both Windows and Unix/Linux environments.
- Knowledge of global and domestic regulations and standards (FISMA/NIST, SSAE 18, Data Privacy, ISO 27001/27002, ISO 22301, etc.)
- Should be well-versed in coordinating, planning, and executing audit activities as per industry-standard audit best practices.
- Exposure to Cloud Security aspects.
Additional Competencies (good to have) :
- Hands-on Experience in Vulnerability Assessment and Penetration Testing including Web Application Penetration Testing as per OWASP Top 10 web application security standards.
- Knowledge of IDS deployment strategies and experience in SIEM tools (Splunk, RSA enVision, ArcSight, LogRhythm)
- Implementing AWS and Azure cloud security services.
- Configuration of technical security controls, i.e. Firewall, IDS/IPS, Vulnerability Management, SIEM, etc.
- Knowledge of scripting languages (C++, C#, Perl, Python, HTML, Java, Shell, etc.)