Associate

Job Description (Posting).

Risk and Compliance

Work-Experience: Total 5-7 years in IT Technical role with at least 4 years experience in Information Security and exposure to regulatory audits and testing.

Type of Experience:

Information Security Co-ordination and administration to handle NERC CIP and SOX compliance activities.

Good knowledge of IT Security technologies, Operating Systems, Database, routing and switching.

Knowledge of implementing, managing and auditing security & compliance regulation (NERC CIP, SOX, PCI DSS, DPA, HIPAA, GLBA), Standards (ISO 27001, BS 17799) and frameworks (ITIL, NIST, COBIT).

Working experience on RSA Archer in building and supporting GRC solutions

Experience in Risk Management/Compliance Assurance/ Audits

Holds experience in delivering Risk and Compliance management services for a client based delivery environment.

Certifications

CISSP / CISA / CISM / ISO 27001 is a must, along with other technical certification like CCNA, CCNP, CCSA etc.

Areas of Responsibility

Work with internal/external teams to understand the security audit requirements and deliver against project plans

Build NERC CIP control testing procedure based on IT Environment and manage Compliance

Perform NERC CIP control testing for application and IT infrastructure.

Assist in compliance initiatives at function and organizational levels in areas of Information security and Risk Management.

Report Key Risk Indicators and deriving root cause for significant deviations

Continuously assess security measures in place for effectiveness thus highlighting deficiencies for remedial action

Review, design and deploy information/IT security procedures & guidelines across various IT functions and services.

Design reports related to compliance monitoring and improvement activities to ensure compliance with internal security policies etc.

Forensic investigations with tools like Forensic Tool Kit

Operating System Security Procedures Administration

Database and Web Portal Security

Information Security Incident Handling and Management

Compliance management through GRC tool

Execute defined responsibilities for various IT Security and Compliance Management projects

Soft Skills Required

Good problem solving capability, team player, good communication and documentation skills.

Handle multiple tasks with different group in a team in a wider domain.

Ability to prepare Informative Presentation & MIS documentation.

Ready to work in shifts (24x7 in rotation)

Should be working as per policies & procedures in compliance with Information Security recommendations.

Self-driven to take individual initiatives and able to work with minimal guidance.

(1.) To clearly understand the client's cybersecurity environment and respective product. (2.) To monitor, configure, and troubleshoot cybersecurity issues and related monitoring tools (3.) To analyse and validate cybersecurity incidents in-detail and help the L3 team with RCAordata or logs collection (4.) To enable knowledge transferortrainings through creationor maintenance of configuration documents, test plans, operational manuals and provide operational training to L1 team. (5.) To analyse and fine-tune cybersecurity policies, participate in cybersecurity review calls pertaining to change requests and recommendations on cybersecurity policy changes. (6.) To implement changes, monitor security device performance and implements performance tuning when necessary. (7.) To prepare analyses and reports to highlight the project progressorchallenges and ensure quality and accuracy to the client