Required Skills

Risk Management, Cloud Security, IT Risk Management, Risk Assessment, ISO 27001, Information Security

Work Authorization

  • Citizen

Preferred Employment

  • Full Time

Employment Type

  • Direct Hire

Education Qualification

  • UG: Not Required

  • PG: Not Required

Other Information

  • No. of positions: 1

  • Post: 20th Jul 2022


Roles and Responsibilities

  • Review Projects and their technical design documents for Information security risks and advise on suitable controls and mitigations at early stages of the program
  • Fair understanding of the technology landscape (Applications, Infrastructure, Cloud); review the Client's information security and related threats and vulnerabilities, and legal and regulatory requirements
  • Good understanding of security standards like ISO 27001/2, SOX, ITGC, SOC1 or SOC2, DevSecOps, OWASP Top 10, Business Impact Analysis, ISO 22301, ISO 27005
  • Assess and classify all potential business and infrastructure information risks
  • Review and advise on information security risks of vendor offerings, whether new or leveraging existing (SaaS/PaaS/IaaS) services, including integration with the Client environment
  • Conduct risk assessments on Applications, Network & Systems according to Client policies, applicable standards, and legal & regulatory requirements.
  • Identify the risks in the Client Projects, provide recommendations for remediation of identified risks
  • Translate technical, legal and regulatory compliance obligations into a cohesive collection of security controls and provide the respective stakeholders with the IRM requirements and their implementation methodologies
  • Identify or design the controls for implementation based on the outcome of Risk Assessment, its remediation and residual risk.
  • Ensure all the controls outlined for an application/Infrastructure are designed effectively
  • Review Vulnerability Assessment and Penetration Test scan results and recommend the risks to be remediated
  • Review and approve the control design of supplier and their organization technical specifications against Client security control requirements
  • Ensure all the risks are documented, classified, and tracked with appropriate action as per the IRM standards.
  • Work with Project Managers, Business Analysts, Architecture and Support Team to ensure Client Information Risk Management standards are being followed
  • Test the control effectiveness post implementation or deployment of controls and technologies.
  • Conduct Security governance with Client stakeholders.

Desired Candidate Profile

  • Understanding of Cloud Security (SAAS, IAAS and PAAS) and On-premise infrastructure
  • Understanding of secure application development and support
  • Knowledge of Network Security, Data Security Practices, End-Point Security, Identity and Access Management
  • Knowledge of Business Continuity Planning and Disaster Recovery

Knowledge and skills:

  • Projects & Stakeholder Management: Governance, Management Reporting
  • Very good communication skills, Agile, Project delivery
  • Cloud Security controls, Data Security, Se(Info baselines, Privacy requirements


Company Information