Senior Associate IT Advisory - ITGC - IT

Main Objective of the Role The incumbent is responsible for conducting/coordinating various IT Security Services such as ISMS Advisory, ITGC Audits, IT Risk Assessment including Third Party Risk Assessment, VAPT, and IT Compliance Audits for various VOS Clients.

Key Responsibilities :

- Reviewing existing IT controls and risks of Clients- IT Systems, Networks and Applications and collaborating with them to devise and put in place seamless IT Security Policies and Procedures as per industry standard security frameworks.

- Conducting internal ITGC Audits for Clients.

- Conducting Third-Vendor Vendor IT Risk Assessment for the Clients.

- Conducting Cloud Security Risk Assessment activities.

- Conducting/coordinating various IT Compliance Audits such as ISO 27001, ISO 22301, SSAE18 SOC1 Type I & Type II, SSAE SOC2 Type I & Type II, SOX, HIPAA, PCI-DSS, EU-GDPR etc.

- Conducting/coordinating Vulnerability Assessment and Penetration Testing (VAPT) as well as Web Application Penetration Testing (WAPT) activities.

- Preparing IT Audit and IT Security Risk Assessment Reports along-with recommendations for remediation on identified security gaps and vulnerabilities.

Required Education:

- BE (IT / Computer Science / Electronics & Communications / Electronics), or

- B.Sc. - IT / Computer Science, or

- Graduation/PostGraduate in any stream.

Preferred Professional Education: - CEH/CISM/CISA/ISO 27001 Lead Auditor

- Hands-on training in VAPT and commonly used commercial and open source VAPT Tools

Experience: 2-3 years of relevant experience in ITGC Audits, Third-Party Vendor IT Risk Assessment, Compliance Audits, and VAPT activities etc.

Knowledge and Specific Skills Core Competencies (must have):

- Broad background of multi-vendor networks, operating systems (Window, Unix, Linux), firewalls and IT security engineering concepts.

- Knowledge in Information Security or IT Risk Management.

- Exposure to working in both Windows and Unix/Linux environments.

- Knowledge of global and domestic regulations and standards (FISMA/NIST, SSAE 18, Data Privacy, ISO 27001/27002, ISO 22301 etc.)

- Should be well-versed with coordinating, planning and executing audit activities as per the industry standard best practices.

- Exposure to Cloud Security aspects.

Additional Competencies (good to have):

- Hands-on Experience in Vulnerability Assessment and Penetration Testing including Web Application Penetration Testing as per OWASP Top 10 web application security standards.

- Knowledge of IDS deployment strategies and experience in SIEM tools (Splunk, RSA enVision, ArcSight, LogRhythm)

- Implementing AWS and Azure cloud security services.

- Configuration of technical security controls, i.e. Firewall, IDS/IPS, Vulnerability Management, SIEM, etc.

- Knowledge of scripting languages (C++, C#, Perl, Python, HTML, Java, Shell etc.)

Communication Skills - Excellent written / oral communications skills in English.

Additional requirements - Analytical thinker willing to - think outside the box- to resolve customer impacting situations on first contact; understand customer risk profile.

- Self-starter and ability to deliver under defined timelines

Required Critical Behavioral Competencies