Job Description
I. Skills and Competencies
- Implement and oversee enforcement of policies, procedures, standards and associated plans based on industry-standard best practices (ISO 27001, NIST, PCI-DSS, etc.)
- Perform technology-based risk assessments, third-party risk assessments, M&A security governance and exception management against the Company standards for applicable scenarios, and manage risk to an acceptable level
- Perform technology security reviews on applications, infrastructure and cloud
- Maintain continuous compliance of user access management on network, servers and applications
- Maintain continuous compliance with network, servers, applications and workstation configurations against the security and hardening standards
- Prepare compliance reports and remediation details from periodic review of application, workstation, servers, and network device configuration
- Maintain continuous compliance of Data Loss Prevention (DLP) and CASB for all applications, infrastructure and systems supporting Company operations to prevent data leakage
- Perform risk assessments on applications during the SDLC and compliance checks related to access control and data sanitization
- Identify, document and maintain the information security risk register and report to the security lead and other stakeholders
- Provide monitoring and independent oversight, and facilitate the execution and continuous improvement of third-party risk management and M&A programs and processes
- Influence security control automation efforts, and security and compliance at scale
- Represent the security posture of the Company in internal and external audits
- Drive security awareness and conduct regular training on the Company's security policy and standard requirements through training, communication and workshops
II. Education and Experience Qualifications:
- Bachelor’s degree in information technology or other related field
- At least 5 years of working experience related to information security practices with a minimum of 3 years in GRC domains
- Excellent understanding of and experience with security policy management, security standards and frameworks such as CSA CCM, ISO 27001:2013, NIST CSF, PCI-DSS, SOX and SOC 2
- Solid understanding of operational and organizational structures, and experience in global, matrix organizations and in vendor and third-party risk management
- Strong skills in security principles such as least privilege access, defense in depth, preventative vs detective controls, network security, cloud security, application security, endpoint security, data protection, and incident response
- Experience with agile approaches and experience in DevOps or DevSecOps, and how they impact risk management and compliance
- Possession of information security certifications such as CISSP, CISM, CRISC, CEH or ISO 27001
- Experience in HLD and LLD review and in driving cross-functional programs
- Excellent problem-solving, interpersonal, communication and presentation skills
III. Preferred:
- ISO 27001 or CISA certification (any one)