Noida, Uttar Pradesh
Job Summary
Security L2/L3 Skills and Experience • Security professional with at least 7-8 years of progressive, responsible, and diversified experience in Information security consulting, Third-Party risk management and auditing • Must have Bachelor’s degree in computer science, information systems or equivalent • Certified in industry accepted certifications such as CISA, CISM, CISSP, CRISC • GRC professional with good understanding of industry frameworks and standards • In-depth understanding of review process of current system security measure by performing security assessments to identify security gaps • Knowledgeable in various regulations like SOX, HIPPA, GDPR, GLBA, FISMA and standards like PCI DSS, SOC (service organization’s controls), ISO 31000 • In-depth experience on Third-Party Risk Management • Evaluating third party\'s cybersecurity control and ensuring they comply with organizations standards and industry best practices • Track and monitor the status of each due diligence review and communicate the status with management and key stakeholders on a regular basis • Articulate risks and potential options for remediation or compensating controls • Understand inherent risk assessment • Perform new and recurring third party security risk assessments, develop mitigation plans, and work with internal stakeholders to assign remediation-tracking responsibility • In-depth understand of GDPR, LGPD and other privacy requirements • Strong business and communication skills • Experience in driving meetings with stakeholders • Provide advisory and consulting to client on new trends and challenges in enterprise risk management • Experience in design and development of information security policies, standards, and guidelines • Experience on SIG (shared assessments), ISO 27001, NIST framework, SOC 1, SOC2, ISO 27001 and HIPAA • Has sound experience around implementation of security controls, risk assessment framework, and program that align to regulatory requirements, ensuring documented and sustainable compliance that aligns and advances customer business objectives • Design / modify Contract security language / security clauses • Co-ordinate and negotiate security clauses with Procurement team and Supplier • Experience on GRC platforms • Work with the client & technical teams for change request on any risk or control implementation as well as governance process • Participate in internal as well as external regulatory as well as IT security audits. • Understand IT Risks and define audit & governance mechanisms for assets, processes & physical security
Key Responsibilities
Security L2/L3 Skills and Experience • Security professional with at least 7-8 years of progressive, responsible, and diversified experience in Information security consulting, Third-Party risk management and auditing • Must have Bachelor’s degree in computer science, information systems or equivalent • Certified in industry accepted certifications such as CISA, CISM, CISSP, CRISC • GRC professional with good understanding of industry frameworks and standards • In-depth understanding of review process of current system security measure by performing security assessments to identify security gaps • Knowledgeable in various regulations like SOX, HIPPA, GDPR, GLBA, FISMA and standards like PCI DSS, SOC (service organization’s controls), ISO 31000 • In-depth experience on Third-Party Risk Management • Evaluating third party\'s cybersecurity control and ensuring they comply with organizations standards and industry best practices • Track and monitor the status of each due diligence review and communicate the status with management and key stakeholders on a regular basis • Articulate risks and potential options for remediation or compensating controls • Understand inherent risk assessment • Perform new and recurring third party security risk assessments, develop mitigation plans, and work with internal stakeholders to assign remediation-tracking responsibility • In-depth understand of GDPR, LGPD and other privacy requirements • Strong business and communication skills • Experience in driving meetings with stakeholders • Provide advisory and consulting to client on new trends and challenges in enterprise risk management • Experience in design and development of information security policies, standards, and guidelines • Experience on SIG (shared assessments), ISO 27001, NIST framework, SOC 1, SOC2, ISO 27001 and HIPAA • Has sound experience around implementation of security controls, risk assessment framework, and program that align to regulatory requirements, ensuring documented and sustainable compliance that aligns and advances customer business objectives • Design / modify Contract security language / security clauses • Co-ordinate and negotiate security clauses with Procurement team and Supplier • Experience on GRC platforms • Work with the client & technical teams for change request on any risk or control implementation as well as governance process • Participate in internal as well as external regulatory as well as IT security audits. • Understand IT Risks and define audit & governance mechanisms for assets, processes & physical security
Skill Requirements
Security L2/L3 Skills and Experience • Security professional with at least 7-8 years of progressive, responsible, and diversified experience in Information security consulting, Third-Party risk management and auditing • Must have Bachelor’s degree in computer science, information systems or equivalent • Certified in industry accepted certifications such as CISA, CISM, CISSP, CRISC • GRC professional with good understanding of industry frameworks and standards • In-depth understanding of review process of current system security measure by performing security assessments to identify security gaps • Knowledgeable in various regulations like SOX, HIPPA, GDPR, GLBA, FISMA and standards like PCI DSS, SOC (service organization’s controls), ISO 31000 • In-depth experience on Third-Party Risk Management • Evaluating third party\'s cybersecurity control and ensuring they comply with organizations standards and industry best practices • Track and monitor the status of each due diligence review and communicate the status with management and key stakeholders on a regular basis • Articulate risks and potential options for remediation or compensating controls • Understand inherent risk assessment • Perform new and recurring third party security risk assessments, develop mitigation plans, and work with internal stakeholders to assign remediation-tracking responsibility • In-depth understand of GDPR, LGPD and other privacy requirements • Strong business and communication skills • Experience in driving meetings with stakeholders • Provide advisory and consulting to client on new trends and challenges in enterprise risk management • Experience in design and development of information security policies, standards, and guidelines • Experience on SIG (shared assessments), ISO 27001, NIST framework, SOC 1, SOC2, ISO 27001 and HIPAA • Has sound experience around implementation of security controls, risk assessment framework, and program that align to regulatory requirements, ensuring documented and sustainable compliance that aligns and advances customer business objectives • Design / modify Contract security language / security clauses • Co-ordinate and negotiate security clauses with Procurement team and Supplier • Experience on GRC platforms • Work with the client & technical teams for change request on any risk or control implementation as well as governance process • Participate in internal as well as external regulatory as well as IT security audits. • Understand IT Risks and define audit & governance mechanisms for assets, processes & physical security
Other Requirements
Security L2/L3 Skills and Experience • Security professional with at least 7-8 years of progressive, responsible, and diversified experience in Information security consulting, Third-Party risk management and auditing • Must have Bachelor’s degree in computer science, information systems or equivalent • Certified in industry accepted certifications such as CISA, CISM, CISSP, CRISC • GRC professional with good understanding of industry frameworks and standards • In-depth understanding of review process of current system security measure by performing security assessments to identify security gaps • Knowledgeable in various regulations like SOX, HIPPA, GDPR, GLBA, FISMA and standards like PCI DSS, SOC (service organization’s controls), ISO 31000 • In-depth experience on Third-Party Risk Management • Evaluating third party\'s cybersecurity control and ensuring they comply with organizations standards and industry best practices • Track and monitor the status of each due diligence review and communicate the status with management and key stakeholders on a regular basis • Articulate risks and potential options for remediation or compensating controls • Understand inherent risk assessment • Perform new and recurring third party security risk assessments, develop mitigation plans, and work with internal stakeholders to assign remediation-tracking responsibility • In-depth understand of GDPR, LGPD and other privacy requirements • Strong business and communication skills • Experience in driving meetings with stakeholders • Provide advisory and consulting to client on new trends and challenges in enterprise risk management • Experience in design and development of information security policies, standards, and guidelines • Experience on SIG (shared assessments), ISO 27001, NIST framework, SOC 1, SOC2, ISO 27001 and HIPAA • Has sound experience around implementation of security controls, risk assessment framework, and program that align to regulatory requirements, ensuring documented and sustainable compliance that aligns and advances customer business objectives • Design / modify Contract security language / security clauses • Co-ordinate and negotiate security clauses with Procurement team and Supplier • Experience on GRC platforms • Work with the client & technical teams for change request on any risk or control implementation as well as governance process • Participate in internal as well as external regulatory as well as IT security audits. • Understand IT Risks and define audit & governance mechanisms for assets, processes & physical security
#body.unify div.unify-button-container .unify-apply-now: focus, #body.unify div.unify-button-container .unify-apply-#body.unify div.unify-button-container .unify-apply-now: focus, #body.unify div.unify-button-container .unify-apply-