Main Objective of the Role:
The incumbent is responsible for conducting/coordinating various IT Security Services such as ISMS Advisory, ITGC Audits, IT Risk Assessment including Third Party Risk Assessment, VAPT, and IT Compliance Audits for various VOS Clients.
Key Responsibilities:
- Reviewing existing IT controls and risks of Clients' IT Systems, Networks and Applications and collaborating with them to devise and put in place seamless IT Security Policies and Procedures as per industry standard security frameworks.
- Conducting internal ITGC Audits for Clients.
- Conducting Third-Party Vendor IT Risk Assessment for the Clients.
- Conducting Cloud Security Risk Assessment activities.
- Conducting/coordinating various IT Compliance Audits such as ISO 27001, ISO 22301, SSAE18 SOC1 Type I & Type II, SSAE SOC2 Type I & Type II, SOX, HIPAA, PCI-DSS, EU-GDPR etc.
- Conducting/coordinating Vulnerability Assessment and Penetration Testing (VAPT) as well as Web Application Penetration Testing (WAPT) activities.
- Preparing IT Audit and IT Security Risk Assessment Reports along with recommendations for remediation of identified security gaps and vulnerabilities.
Required Education:
- BE (IT / Computer Science / Electronics & Communications / Electronics), or
- B.Sc. - IT / Computer Science, or
- Graduation/PostGraduate in any stream.
Preferred Professional Education:
- CEH/CISM/CISA/ISO 27001 Lead Auditor
- Hands-on training in VAPT and commonly used commercial and open source VAPT Tools
Experience: 2-3 years of relevant experience in ITGC Audits, Third-Party Vendor IT Risk Assessment, Compliance Audits, and VAPT activities etc.
Knowledge and Specific Skills
Core Competencies (must have):
- Broad background in multi-vendor networks, operating systems (Windows, Unix, Linux), firewalls and IT security engineering concepts.
- Knowledge in Information Security or IT Risk Management.
- Exposure to working in both Windows and Unix/Linux environments.
- Knowledge of global and domestic regulations and standards (FISMA/NIST, SSAE 18, Data Privacy, ISO 27001/27002, ISO 22301 etc.)
- Should be well-versed with coordinating, planning and executing audit activities as per the industry standard best practices.
- Exposure to Cloud Security aspects.
Additional Competencies (good to have):
- Hands-on Experience in Vulnerability Assessment and Penetration Testing including Web Application Penetration Testing as per OWASP Top 10 web application security standards.
- Knowledge of IDS deployment strategies and experience in SIEM tools (Splunk, RSA enVision, ArcSight, LogRhythm)
- Implementing AWS and Azure cloud security services.
- Configuration of technical security controls, i.e. Firewall, IDS/IPS, Vulnerability Management, SIEM, etc.
- Knowledge of scripting languages (C++, C#, Perl, Python, HTML, Java, Shell etc.)
Communication Skills:
- Excellent written/oral communication skills in English.
Additional requirements:
- Analytical thinker willing to "think outside the box" to resolve customer-impacting situations on first contact; understand customer risk profile.
- Self-starter with the ability to deliver under defined timelines.
Required Critical Behavioral Competencies