Gautam Buddha Nagar, Uttar Pradesh
Job Summary
Security professional with at least 7-8 years of progressive, responsible, and diversified experience in Information security consulting, Third-Party risk management and auditing 2. Has bachelor’s degree in computer science, information systems or equivalent 3. Certified in industry accepted certifications such as CISA, CISM, CISSP, CRISC 4. GRC professional with good understanding of industry frameworks and standards 5. In-depth experience on Third-Party Risk Management a. Evaluating third party's cybersecurity control and ensuring they are in compliance with organizations standards and industry best practices b. Track and monitor the status of each due diligence review and communicate the status with management and key stakeholders on a regular basis c. Articulate risks and potential options for remediation or compensating controls d. Understand inherent risk assessment e. In-depth understanding of review process of current system security measure by performing security assessments to identify security gaps f. Perform new and recurring third party security risk assessments, develop mitigation plans, and work with internal stakeholders to assign remediation tracking responsibility 6. In-depth understand of GDPR, LGPD and other privacy requirements 7. Knowledgeable in various regulations like SOX, HIPPA, GDPR, GLBA, FISMA Strong business and communication skills 9. Experience in driving meetings with stakeholders 10. Provide advisory and consulting to client on new trends and challenges in enterprise risk management area 11. Experience in design and development of information security policies, standards, and guidelines 12. Experience on SIG (shared assessments), ISO 27001, NIST framework, SOC 1, SOC2, ISO 27001 and HIPAA 13. Has sound experience around implementation of security controls, risk assessment framework, and program that align to regulatory requirements, ensuring documented and sustainable compliance that aligns and advances customer business objectives 14. Design / modify Contract security language / security clauses 15. Co-ordinate and negotiate security clauses with Procurement team and Supplier 16. Experience on GRC platforms 17. Work with the client & technical teams for change request on any risk or control implementation as well as governance process 18. Participate in internal as well as external regulatory as well as IT security audits. Understand IT Risks and define audit & governance mechanisms for assets, processes & physical security L2 Skills and Experience 1. Security professional with at least 3-4 years of progressive, responsible, and diversified experience in Information security, Third-Party risk management 2. In-depth experience on Third-Party Risk Management a. Evaluating third party's cybersecurity control and ensuring they are in compliance with organizations standards and industry best practices b. Track and monitor the status of each due diligence review and communicate the status with management and key stakeholders on a regular basis c. Articulate risks and potential options for remediation or compensating controls d. Understand inherent risk assessment e. In-depth understanding of review process of current system security measure by performing security assessments to identify security gaps f. Perform new and recurring third party security risk assessments, develop mitigation plans, and work with internal stakeholders to assign remediation tracking responsibility 3. In-depth understand of GDPR, LGPD and other privacy requirements 4. Knowledgeable in various regulations like SOX, HIPPA, GDPR, GLBA, FISMA and standards like PCI DSS, SOC (service organization’s controls), ISO27001 and HIPAA
6. Experience in designing customized assessment questionnaire of third-Party risk assessment based on organizational requirements, regulatory requirements and industry best practices
7. Implement inherent risk assessment methodo
Key Responsibilities
1. Assess IT infrastructure using tools such as SolarWinds and Nagios to identify performance bottlenecks and recommend improvements.
2. Develop infrastructure optimization plans by leveraging VMware and Hyper-V, ensuring efficient resource utilization and scalability.
3. Support implementation of cloud migration strategies using AWS and Azure, facilitating seamless transition and integration of client systems.
4. Analyze network security posture with Cisco and Fortinet solutions, providing actionable recommendations to enhance protection and compliance.
5. Prepare and present technical documentation and reports using Microsoft Office Suite, ensuring stakeholders are informed of project progress and outcomes.
6. Collaborate with internal teams to troubleshoot infrastructure issues using ServiceNow and ITIL-based processes, ensuring timely resolution and minimal disruption.
#body.unify div.unify-button-container .unify-apply-now: focus, #body.unify div.unify-button-container .unify-apply-#body.unify div.unify-button-container .unify-apply-now: focus, #body.unify div.unify-button-container .unify-apply-