TresVista - Associate - Cyber Security

About TresVista

TresVista is a global enterprise offering a diversified portfolio of services, including investment diligence, industry research, business development, fund administration, accounting, and data analytics. Working with a wide array of clients, including asset managers, advisors, corporates, and entrepreneurs, TresVista currently has over 1,000 employees across offices in Mumbai, Pune, Bangaluru, New York, London, and Singapore, and provides high-caliber support and operating leverage for over 1,000 clients across geographies and asset class.

Responsibilities Assumed:

- Understanding the business and IT infrastructure including applications and servers through interactions and walkthroughs

- Collecting information and reviewing information systems policies, standards, and procedures to verify that they address the organization's internal and external requirements and to identify information systems control deficiencies

- Understanding the various processes in place at the organization, such as RIS, IT, HR, FMS, Software Development, strategy, and their integration with one another

- Performing a root cause analysis of the various risks identified and development of solutions to mitigate the risks and the flow of data and information and performing a threat and risk analysis of each process

- Facilitating external IT audits (ISO 27001 and SOC 2) corporate-wide examinations

- Facilitating external VAPT audits, phishing drills, client audits

- Responding to client due diligence questionnaires around IT Security

- Assisting with the development and implementation of corporate compliance procedures and controls

- Performing special compliance and audit-related projects as assigned

- Managing and measuring the IT Security Framework and developing and maintaining a technology risk assessment program for business applications and processes

- Conducting internal VAPT audits and sharing the reports with the management

- Keeping the department updated with the latest technological changes and cybersecurity advancements

- Designing and producing metrics showing operational compliance with best practices

- Planning, supervising, and conducting testing to confirm continuous efficiency and effectiveness of information system controls

- Reviewing of Business Impact Analysis, Risk Assessment, Current State Network assessment, and Recovery Strategy Analysis

- Providing recommendations to the Top Management based on industry best practices to optimize IT processes and achieve business goals

Prerequisites:

- Sound understanding of auditing/ compliance

- Good command over written and spoken English

- Ability to meet deadlines and good time management skills

- Ability to work well under pressure with tight deadlines while delivering high quality and output

- Should be able to manage a team effectively as well as contribute individually to projects

- Knowledge of Personally Identifiable Information (PII) data security standards

Experience:

- 4-6 years of experience in Security Compliance/ IT Audit/ System review role

Education:

- Graduation/ Post Graduation (B.E/ B.Tech, M.E/M.Tech, M.Sc IT)

CEH V9 or other equivalent Ethical Hacker degree is preferable

One or more of the following information security certifications or advanced degree in information security/cybersecurity: CISSP/OSCP/CISM/CRISC/CISA/HISP or equivalent