- Information Security, Data Privacy and IT Governance Implementation
- Execute information security assessments, business continuity assessments and risk assessments pertaining to clients' IT environments.
- Execute technical risk assessments around applications, and control testing on premises and for cloud environments etc.
- Execute activities like data discovery and privacy & security impact analysis, and propose process and technical solutions to the team.
- Document policies & procedures meeting the regulatory compliance and risk management requirements.
- Develop a knowledge base and re-usable components for GRC advisory services.
- Responsible for development and enhancement of GRC services and delivery capabilities.
- Develop competency in GRC platforms (design, architecture, development & support).
- Participate in pre-sales activities for client RFPs/RFIs.
- Implement the ISO 27001 and ISO 22301 frameworks, IRDAI guidelines and the NIST framework.
- Implementation knowledge of DPDPA.
- Develop a complete set of corporate information security and business continuity policies and standards, and continually monitor the information security controls, KRIs/KPIs and technical landscape.
- Lead on compliance reviews, certifications, and accreditations (e.g., ISO27001, ISO22301, IRDAI, ISNP, NIST and Cyber Security guidelines).
- Work with business, internal IT and third-party vendor teams to promote and adopt security best practices.
- Validate IT infrastructure and other reference architectures for security best practices and recommend changes to enhance security and reduce confidential risks, where applicable.
- Work with security partners and the Managed Security Service Provider (MSSP) to conduct and review regular security assessments (pen tests, vulnerability scans etc.) of vendors and solutions (SaaS, IaaS providers and MSSP).
- Create, communicate, and implement a risk-based process for vendor risk management, including the assessment and treatment of risks that may result from partners, consultants, and other service providers.
- Define and facilitate the information security risk assessment process, including the reporting and oversight of treatment efforts to address negative findings.
- Oversee information security audits, whether performed by organization or third-party personnel.
- Assist resource owners and IT staff in understanding and responding to security audit failures reported by auditors.
- Implement projects as per roadmaps.
- Monitor the external threat environment for emerging threats and advise relevant stakeholders on the appropriate courses of action.
- Manage outsourced vendors that provide information security functions for compliance with contracted service-level agreements.
- Day-to-day monitoring of IT processes/IT infrastructure from an information security perspective.
- Manage the day-to-day activities of threat and vulnerability management, identify risk tolerances, and recommend treatment plans.
- Manage security incidents and events to protect corporate IT assets.
- Supervise the change management process from an information security perspective.
- Manage & supervise vendors based on SLAs defined.
- End-to-end knowledge of security incident alerts & management.
- Comprehensive knowledge of MS Server environment, Linux Security, Operations (Endpoint Security, Data Leakage Prevention, Endpoint Encryption, SIEM, IDS/IPS, Firewalls, Proxy, WAF, CASB and CCM).
- Comprehensive knowledge of multiple technologies amongst Firewall / PIM PAM / Endpoint / DLP / EDR / Encryption / DNS Security / WAF / Proxy / Server Security / IPS / Email Security / SIEM / Deep Security, Multi-Factor Authentication, Antivirus, Patching.
- Strong understanding in analysing network event logs, web filter activity, Antivirus, Antimalware, DLP, syslogs, IPS, and security system logs.
- Strong understanding and direct experience on Cloud Security, Network Security - Anomaly Detection Systems, Firewalls, Routers, Switches, Confidential LDAP, AD Servers etc.
- Experience in Network.
- Knowledge of Information Security Management System - ISO 27001, Business Continuity Management System - ISO 22301.
Job Title
Assistant Vice President – Information Security