Job Description

I. Skills and Competencies

• Implement and oversee enforcement of policies, procedures, standard and associated plans based on industry-standard best practices (ISO 27001, NIST, PCI-DSS, etc)
• Perform technology based risk assessments, 3rd party risk assessment, M&A security governance and exception management against the Company standards for applicable scenarios & manage risk to an acceptable level
• Perform technology security review on application, infrastructure & cloud
• Maintain continuous compliance of user access management on network, servers and applications
• Maintain continuous compliance with network, servers, applications and workstation configurations against the security and hardening standards
• Prepare compliance reports and remediation details from periodic review of application, workstation, servers, and network device configuration
• Maintain continuous compliance of data Loss Prevention (DLP) and CASB for all applications, infrastructure and systems supporting Company operations to prevent data leakage
• Perform risk assessment on application during SDLC and compliance check related to access control and data sanitization
• Identifying, documenting and maintaining information security risk register & reporting to the security lead and other stakeholders
• Provide monitoring, independent oversight and facilitate the execution & continuous improvement of 3rd party risk management and M&A programs and processes
• Influence Security Control Automation efforts, security and compliance at scale
• Represents Security posture of Company in internal & external audits
• Drive security awareness & conducts regular training on Company’s security policy and standard requirements through training, communication, and workshops

II. Education and Experience Qualifications: 

• Bachelor’s degree in information technology or other related field
• At least 5 years of working experience related to information security practices with a minimum of 3 years in GRC domains
• Excellent understanding & experience of security policy management, security standards and frameworks such as CSA CCM, ISO 27001:2013, NIST CSF, PCI-DSS, SOX and SOC2
• Solid understanding of operational and organizational structures, and experience in global, matrix organizations, Vendor & 3rd party Risk Management
• Strong skills in security principles such as least privilege access, defense in depth, preventative vs detective controls, network security, cloud security, application security, endpoint security, data protection, and incident response
• Experience with agile approaches and experience in DevOps or DevSecOps, and how they impact risk management and compliance
• Possess of information security certifications, such as CISSP/CISM/CRISC/CEH/ISO 27001
• Experience in HLD & LLD review and driving cross-functional programs
• Excellent problem solving, interpersonal, communication and presentation skills

III. Preferred:

• ISO 270001 , CISA certification (Any One)