Roles and Responsibilities
- Review projects and their technical design documents for information security risks and advise on suitable controls and mitigations at the early stages of the program
- Have a fair understanding of the technology landscape (applications, infrastructure, cloud) and review the client's information security posture, the related threats and vulnerabilities, and the applicable legal and regulatory requirements
- Good understanding of security standards and frameworks such as ISO 27001/27002, SOX, ITGC, SOC 1 or SOC 2, DevSecOps, the OWASP Top 10, business impact analysis, ISO 22301 and ISO 27005
- Assess and classify all potential business and infrastructure information risks
- Review and advise on the information security risks of new or existing vendor offerings (SaaS/PaaS/IaaS), including their integration with the client environment
- Conduct risk assessments of applications, networks and systems according to client policies, applicable standards, and legal and regulatory requirements
- Identify risks in client projects and provide recommendations for remediating the identified risks
- Translate technical, legal and regulatory compliance obligations into a cohesive set of security controls, and provide the respective stakeholders with the IRM (Information Risk Management) requirements and their implementation methodologies
- Identify or design the controls to be implemented based on the outcome of the risk assessment, its remediation and the residual risk
- Ensure all controls outlined for an application or infrastructure are designed effectively
- Review vulnerability assessment and penetration test results and recommend which risks are to be remediated
- Review and approve the control design and technical specifications of suppliers and their organizations against the client's security control requirements
- Ensure all risks are documented, classified and tracked with appropriate action as per the IRM standards
- Work with project managers, business analysts, and the architecture and support teams to ensure the client's Information Risk Management standards are being followed
- Test control effectiveness after the implementation or deployment of controls and technologies
- Conduct security governance with client stakeholders
Desired Candidate Profile
- Understanding of cloud security (SaaS, IaaS and PaaS) and on-premises infrastructure
- Understanding of secure application development and support
- Knowledge of network security, data security practices, endpoint security, and identity and access management
- Knowledge of business continuity planning and disaster recovery
Knowledge and skills:
- Project and stakeholder management: governance, management reporting
- Very good communication skills; Agile; project delivery
- Cloud security controls, data security, security/information baselines, privacy requirements