Required Skills and Abilities :
- University degree in Computer Science, Information Technology or Cyber security related fields.
- Total experience of 4-7 years specifically in the information security industry is preferred
- Experience in Risk assessment End to end Risk assessment, different Methodologies, framework, and difference between Threat, Risk & vulnerabilities.
- Good experience in End to end Risk management & its process.
- Good to have prior experience in Vulnerability scanning, penetration testing to analyses the reports.
- Able to manage enterprise risk assessment , different vulnerabilities assessments.
- Conducting information security training , training content. Being able to assign courses to individual.
- Good exposure in Audit Framework OR Information Security Standards SOC-2, PCI-DSS Audits.
- Should have involved in SOC-2, PCI-DSS Audits. LIKE helped organization in obtaining the Audit certification.
- Information security certifications such as CISSP, GIAC, CRISC, CISA etc .
- Strong knowledge of technical configurations from various operating systems and security solutions (Windows, Linux, VMware, IDS/IPS, HIPS, FIM, SIEM, WAF, Cyber Security, encryption, etc.)
- Excellent proficiency in Risk assessment, penetration testing, vulnerability scan tools, SIEM tools, network management, remote access and mobility security tools/control
- Ability to read technical and business documents with deep comprehension
- Ability to use active listening skills to identify key information and isolate areas for follow up
- Ability to document risk to IT systems and associated business processes including development of spreadsheets, reports and presentations
- Ability to identify policy compliance with regulatory/compliance requirements (e.g., PCI, HIPAA/HITRUST, SOC), information security frameworks and controls (e.g., NIST, ISO, CIS).
- Ability to develop policies, standards and baseline configurations
- Strong attention to detail and ability to document findings and convey information
- Ability to manage project deliverables and deadlines
- Ability to clearly communicate with co-workers, management, and vendors.
- Must be available for after-hours implementations, testing and support in a 24x7 technical business environment.
POSITION RESPONSIBILITIES:
- Participate in risk assessments of IT infrastructure and applications, document audit findings, maintain risk register and prepare draft reports.
- Review technical configurations from various operating systems and security solutions (Windows, Linux, AD, VMware, IDS/IPS, FIM, SIEM, WAF, AV, endpoint encryption, etc.) to determine/enhance the parameters to meet industry-accepted hardening standards such as NIST, CIS, SANS, etc.
- Manage automated vulnerability scanning tools and run against all on premise and cloud-based systems and applications
- Review security reports from various security technologies (vulnerability assessment reports, cyber security reports, audit reports, access privileges, etc.) to identify violations, intrusion attempts, or security weaknesses
- Review potential new service provider or outsourcing relationships for business units and provide advisory services for information security due diligence
- Participate in risk assessments of IT infrastructure and applications, document audit findings, maintain risk register and prepare draft reports.
- Performs security operation processes and procedures, including, but not limited to:
- maintenance of internal security and cyber security controls and policies
- security awareness training and phishing campaigns
- vulnerability assessments
- patch management for endpoints
- Participate in audits of IT systems, network or application architecture and business processes for compliance with best practices and/or regulatory requirements.
- Review policies, standards and procedures to ensure compliance with best practices and compliance with regulations.
- Develop materials and processes to assist the business with implementing both technical and non-technical controls.
