Role : Associate Security Consultant (Band U4)
Domain : Information Security Governance, Risk and Compliance Management, Security Ops
Experience : 6-10 Years
Certifications : ISO 27001 Lead Implementer / Lead Auditor, CISSP, CISA, CISM, or GDPR (at least one or more of these).
Department : Enterprise Security and Risk Management (ESRM)
Responsibilities :
• Identify and validate the scope of security and compliance requirements applicable to the program
• Define the security organization, roles and responsibilities, and reporting mechanisms for the program
• Identify security service levels, metrics and measurement techniques
• Develop a transition plan for security management services
• Develop questionnaires and checklists for gathering information on as-is security controls
• Conduct gap analysis of the current state against the contracted security and compliance requirements; provide recommendations for remediation and identify solutions
• Design 'TO BE' security processes, procedures and guidelines for the Managed Services Program in accordance with ISO 27002
• Design risk assessment procedures in accordance with ISO 27005
• Design security assurance and review processes
• Establish a Computer Security Incident Response Team (CSIRT) function
• Coordinate with customer and internal teams for roll-out of the 'TO BE' security processes, procedures and guidelines
• Conduct internal security audits/assessments and support external audits such as ISAE 3402 Type 1 / Type 2 as per contract requirements
• Understand data privacy legislation and regulatory requirements in the Europe region for customer operations in industries such as Telecom, Banking, Financial Services and Insurance, Manufacturing, etc.
• Serve as cybersecurity personnel performing and overseeing the Supplier's cybersecurity functions ('Cybersecurity Personnel')
• Ensure the Supplier's Cybersecurity Personnel undertake training when scheduled so that they remain aware of current and changing cybersecurity threats and countermeasures; capture evidence of Cybersecurity Personnel qualifications to be made available to the customer upon request during audit
Requirements :
• 6-10 years' experience in information security consulting, project management and service delivery
• Strong understanding of InfoSec and risk management standards such as ISO 27001/27002/27005
• Broad understanding of network and infrastructure security, vulnerability management, application security and data security
• Desirable certifications: ISO 27001 LA/LI