We are looking for an individual who is able to put their technical expertise and information security knowledge to plan, execute and deliver on existing and new Information Security initiatives of the Company.
- Security Governance
- Assist the ISO in conducting all information technology and security related audits for compliance with standards, like ISO27001, PCI DSS and GDPR
- Assist management in the development of the appropriate documentation (policies, standard operating procedures) related to Information security
- Support the communication of policies, procedures, and plans regarding security and compliance best practices around applicable laws, regulations, and controls
- Coordination with internal teams (Business Operations and Support functions) to ensure the success of security programs that align with compliance (ISO27001, PCI DSS, etc.) requirements
- Support daily operational security activities such as responses to client inquiries regarding the information security programs.
- Ensure monitoring of the alerts and reports from the log analyzer (application) as a regular scheduled task and coordinate with the technology teams for analysis\validation in case of any abnormal activities logged.
- Identify, research and documentation of the compliance requirements and information security controls (required by clients or standards)
- Ensure the periodic scheduled testing of the Business Continuity Plans (Client programs)
- Perform other IT security and compliance related tasks as assigned by management
- Coordinate with compliance teams to deliver regulatory/audit requirements.
- Vulnerability Management
- Ensure scanning of vulnerabilities at scheduled intervals using appropriate\relevant scanning tools and work with the relevant technology teams to implement countermeasures.
- Monitor for new vulnerabilities reported by internal and external Scanners and track their remediation in coordination with the technology teams
- Attend to tickets raised regarding Information security incidents\breaches and analyze the breach to reach the root cause.
- Document incidents to contribute to incident response and disaster recovery plans.
- Advise and implement necessary changes required (after approvals) to counter the attack or improvise security standards.
- Advise and implement necessary changes required to counter the attack or improvise security standards.
- Monitor security access and report suspicious activity to ISO\CIO.
- Degree or Diploma in Science\Engineering or Information Systems
- Professional qualifications ISO27001 implementation, CEH (Certified Ethical Hacker\ECSA (EC-Council Certified Security Analyst)
- Excellent communication, planning organizational and writing skills
- Strong track record of developing and maintaining high quality internal policy and procedure documents
- 3+ years of experience in regulatory compliance, risk management and/or audit roles or technology governance
- 3+ years of experience in Vulnerability Management Operations using any standard tool, coordination with ASV
- Experience with Security solutions implementation like Firewalls, IDS/IPS, SIEM, Vulnerability Scan and management, Advanced Threat protection, Data Loss Prevention technologies.
- Understanding of Microsoft Windows OS and various Network devices FortiGate, Cisco, HP along with the associate vulnerabilities. Running Scans, analyzing tool results, manual vulnerability verification, and remediation by coordination with Technology teams.
- Understanding of privacy and data protection laws GDPR
- Strong understanding and Experience with compliance requirements/standards such as ISO27001, PCI DSS, GDPR.
- Experience interacting with external auditors and internal stakeholders.