Job Overview

• responsible for reviewing, maintaining, and updating security policies, procedures, and standards/baselines.
• support all accreditation programs such as iso27001, isae 3402 type ii, soc2 type 2, pci-dss and others as may be needed.
• work with different stakeholders including external auditors, business leaders, dpo, legal, hr, and cio teams to understand all critical security requirements.
• drive security compliance monitoring.
• risk assessment for information security and cyber risks
• adoption of global frameworks such as nist cyber security and cis etc.
• work with internal marketing team and external vendors for developing security awareness program.
• support business continuity program including bc plans, crisis management etc.
• perform internal security audits. manage certifications such as iso 27001, soc etc.
• perform security audits on application and it infrastructure including but not limited to network, operating systems (windows and linux), databases, access control, firewalls, ids/ips, web application firewalls, proxies, cloud infrastructure (azure and amazon), web servers, data center, email infrastructure, vpn infrastructure, routers, backups, disaster recovery, endpoint security.
• perform security audits to ensure that controls related to these processes are adequate to mitigate risks.

1. perimeter/internal security technologies (firewalls, ids/ips, proxy, waf etc.)
2. data loss prevention technologies and support processes
3. network segmentation and separation solutions
4. identity and access management, privileged access and authentication solutions
5. platform and configuration hardening
6. it incident and problem management
7. threat intelligence and insider threat detection
8. vulnerability assessment, penetration testing, and its mitigation
9. security incident and event management (siem) technologies
10. cyber incident and response
11. change management
12. role based access controls
13. business continuity and disaster recovery

• vendor security assessments

minimum qualification & background:

• 5-10 years of relevant experience
• graduate with one or more professional certifications: iso27001 la, cisa, crisc, cissp and cism
• must have experienced a complete iso27001 journey for a few years at a minimum.
• knowledge and understanding of iso27001, iso27002, iso27017, iso27018, pci dss, nist cyber security standards and cis benchmarks.
• must have performed audits of the cloud infrastructure.
• knowledge and understanding of security related technologies and cloud security.
• excellent written and verbal communication skills; documentation and presentation skills