Specialist II - Information Security

Job Description

Role Proficiency:With strong knowledge of various applicable compliance standards independently handle internal/external compliance audits and VAPT/Red Teaming assignments. Involve more in the risk assessment and remediations and in customer assurance activities. Independently handle all the assigned tasks with minimal supervision.Outcomes:

1. Handle the assigned tasks from the allocated domain with minimal guidance from the leads. (Domain Examples: BCMS Risk assessment incident management HITRUST SOC customer assurance Awareness activities Data Privacy VAPT Red Teaming etc.)
2. Independently handle (with very minimal guidance from the supervisors) internal/external audits to ensure compliance with ISO 27001/ISO 22301/ISO 27701 requirement as well as process specific requirements
3. Responsible for the effective documentation of internal audits(reports) individually.
4. Responsible for effective external audit facilitation Preparing CAPA and ensure the readiness for external audits.
5. Point out the non-conformance areas and suggest measures to improve the information security individually.
6. Ensure that risk management is effectively conducted across the organization business processes and information systems.
7. Involve and contribute to customer assurance activities.
8. Coordinate information security awareness training programs for all the employees contractors and approved system users.
9. Coordinate and Review the technical vulnerability assessments of IT systems and processes to identify potential vulnerabilities. Submit recommendations to control any risks identified and ensure that they are implemented.
10. Perform Security Architecture and Configuration reviews on various IT systems.
11. Involve and contribute to process automation.
12. Design plan and execute the Cybersecurity activities.
13. Directly Interact with customer and communicate detailed technical requirement to the team.
14. Use independent judgement and discretion to analyse the system security.
15. Prepare detailed description of user requirements and steps required to perform the VAPT/Red Teaming.
16. Learn and understand existing and emerging management practices.
17. Independently handle the evidence collection from multiple teams as part of any external audits.
18. Policy/Procedure creation activities and process improvement ideas to be implemented.
19. Research and analytical skills including the ability to convert complex policy issues into simple briefings and communicate to the audience.
20. Mentor A band employees

Measures of Outcomes:

1. Number of internal audits and security assessments conducted per year.
2. Number of external audit facilitation activities.
3. Number of other location responsibilities.
4. Number of Threats/Risks/Vulnerabilities reported per year.
5. Number of NCs in external audits on assigned domains.
6. Areas of responsibility on cross domains.
7. Performance of ISMS/BCMS/PIMS/QMS in the responsible centre/regions.
8. Awareness activities conducted and the percentage of adoption in the responsible centre/regions.
9. Noticeable initiatives taken to improve the process.
10. Less than two stake holder escalations.
11. More than three appreciation from the stakeholders/supervisors.

Outputs Expected:Documentation:

1. Policy and Procedure creations Awareness training materials Presentations decks for internal/ external discussions Audit /Security Assessment reports

Process:

1. Internal ISMS audits independently carry out audits prepare audit reports and ensure timely closure of audit reports
2. Compliance Audits Readiness for audits representation in certification audits CAPA
3. Risk Assessment - IT Controls implementation and assess risks
4. Infosec activities training material conducting sessions co-ordinate with other teams for trainings conducting
5. Customer Assurance Involve and handle customer assurance activities
6. Policy Identify discrepancies in the policies and addressing it
7. Vulnerability Assessment and Penetration Testing/Red Teaming Activities
8. CM activities
9. Executing other location responsibilities
10. Involve and contribute to the process automations

Monitoring:

1. Mentoring and leading A band employees

Training or certifications:

1. 2 per year (on responsible domains)

Skill Examples:

1. Ability to understand prioritize and escalate tasks to resolve issues quickly and make decisions
2. Able to interpret all scenarios applicable to the business for identifying the potential risks associated with various functions/services.
3. Proficiency in Network Security Controls implementation like IAM IPS/IDS E-Mail Security Controls Cloud Security Controls etc.
4. Proficiency in Security Architecture and configuration reviews.
5. Proficiency in Technical Vulnerability Assessment and Management.
6. Strong compliance auditing knowledge.
7. Detail oriented customer oriented result delivery oriented analytical thinking
8. Development or Testing experience is an added advantage.
9. Strong in networking concepts.
10. Strong Excel and Dashboard skills.
11. Excellent Presentation and communication skills
12. Excellent verbal and written communication skills required including the ability to effectively communicate in both highly technical and non-technical environments
13. A great problem solver with the knack of coaching others to do the same
14. Good at working in a team and with other teams
15. Good time management
16. A desire for continuous learning and skill development.
17. Self-motivated and enthusiastic

,

Keyskills :
risk managementaudit reportsinternal auditit controlsexternal auditrisk assessmentcloud securitynetwork securitydata privacyanalytical skillsred teamingsecurity controlsinformation security awareness