Senior Consultant - IT Governance/Data Security/Privacy & Risk Assurance

3 - 8 Years

Bangalore/Mumbai

Posted 3 years ago

#IT Governance #Information Security #IT Security #IT Risk Management #IT Compliance #IT Audit #IT Consulting

Opportunity is with Technology advisory team of our client, we are looking to hire approx 15 people in this role .You are best suited if you have worked on Data Security ( PCI /DSS) and have 3 + years of relevant experience . Details of the role is

Services Specific Experience : #1 Cyber Security Reviews

Cyber Security Review

The candidate is required to have deep technical knowledge and strong experience in carrying out detailed cyber security configuration reviews of:

- Regulatory Framework driven reviews:

- SEBI audits

- IRDA gap audits

- RBI guideline audits (ATM Audits, PPI Wallet, SWIFT review etc.)

- NPCI UPI Audits

- Aadhar Audits

- PCI gap reviews

- GDPR reviews

Architecture review:

- Network Architecture Review

- Infrastructure Review

Configurations audits/review of systems such as:Services Specific Experience :

- 1 Cyber Security Reviews

- Windows servers

- AIX servers

- MS Exchange server

- Oracle and SQL Databases

- Firewalls (including rule base) (WAF familiarity will be an added advantage)

- SIEM (rule base including key co-relation rules)

- DLP (events and rules)

- Back up platforms (e.g. Tivoli, Symantec etc.)

- Content filter gateways

- Apache web servers

- 0365

- Cloud infrastructure like AWS/Azure

Services Specific Experience : #2 IT Audits

The candidate must have reasonable experience in conduct of IT audits for Indian and international clients (preferably). The coverage of their experience in IT audits must include areas such as :

- Physical security

- Logical security

- Data center reviews

- MSSP reviews

- IT MS reviews

- SOC reviews

- Privacy reviews

The candidate must have experience in preparing audit committee decks and also presenting observations in pre-audit committees, risk committees and audit committees.

Vendor Audits/TPRM :

The candidate must have handled vendor IS compliance of vendors for clients in the banking and insurance sector leveraging standards such as SSA-AUP, ISO 27001, PCI-DSS and CSA etc.

Standard specific compliance reviews and implementation experience (PCI DSS / ISO

27001 /COBIT/ IS022301)

The candidate must have a reasonable conceptual understanding of information security frameworks like ISO 27001, PCI DSS, IT Act, RBI regulations, IRDA regulations and COBIT. And must have experience specific to those of the following experience will be good to have and a strong bonus:

- ISMS implementation

- ISMS audits based on ISO 27001

- COBIT implementation (good to have)

- ISO 20000/ITIL implementation

- IS0 22301 framework implementation