Experience: – Industry experience of 10+ years with minimum 6+ years in Information Security / Cybersecurity domain
Certifications: – CompTIA Security+, CISM must. Other certifications like CISA, CRISC, CISS etc. are added values.
Qualification: – Bachelor’s degree in Computer Science or similar discipline with an emphasis on cybersecurity.
On-board time: – Immediate
Engagement: – Permanent on rolls
Roles & Responsibilities: –
- Responsible for overseeing and controlling all aspects of computer security in a business. The job entails planning and carrying out security measures that will protect a business’s data and information from deliberate attack, unauthorized access, corruption, and theft.
- Responsible for developing and managing Information Systems, cyber security including disaster recovery, database protection and software development.
- Responsible for monitoring internal and external policy compliance. Monitor regulation compliance.
- Good experience on NIST framework and understanding of new tools and terminologies available in market.
- Manage Audit policies and controls continuously.
- Ensure cybersecurity stays on the organizational radar.
- Oversee information security audits, whether performed by organization or third-party personnel.
- Plan and conduct internal reviews and audits in line with SOC1, SOC2, ISO27001, Privacy (GDPR, CCPA, ISO 27701)
- Perform Security Incident Management and Reporting including RCA.
- Assess current technology architecture for vulnerabilities, weaknesses and for possible upgrades or improvement.
- Communicate information security goals and new programs effectively with other department managers within the organization.
- Deep technical knowledge on Security analysis, vulnerability management, Security Incident handling and Threat Intelligence
- Create risk assessments, track mitigations efforts and developing risk metrics and risk reports.
- Contribute towards the transformation of Cyber Security capability, ongoing maintenance, and any security related projects, ensuring the implemented controls are effective.
- Provide oral/written reporting and analytics to a broad range of stakeholders which includes technical staff and senior leadership.
- Strong knowledge in malware analysis and the ability to conduct detailed analysis of various security related events like Phishing events, Spoofing events, DoS-DDoS events, SQL Injections events, Ransomware etc.
- Knowledge of Networking, Cloud Security, Active Directory and Privileged Access Management best practices.
- Properly document the audit process, (including evidence gathered), and ensure all the audit issues are tracked to closure with proper RCA. Ensure all the stakeholders have the necessary understanding and acceptance of audit issues.
- Knowledge of penetration testing techniques, application security vulnerabilities, OWASP Top 10, SANS 25, CWE, etc. required
- Deep understanding of the Vulnerability Management process pertaining to applications
- Experience with Firewall, IDSIPS, WAF (Web Application Firewall) preferred
- Good exposure to secure application architecture assessment
- Strong English verbal, written communication, and presentations skills