Job Description

:

Role Proficiency:

With strong knowledge of various applicable compliance standards independently handle internal/external compliance audits and VAPT/Red Teaming assignments. Involve more in the risk assessment and remediations and in customer assurance activities. Independently handle all the assigned tasks with minimal supervision.

Outcomes: * Handle the assigned tasks from the allocated domain with minimal guidance from the leads. (Domain Examples: BCMS Risk assessment incident management HITRUST SOC customer assurance Awareness activities Data Privacy VAPT Red Teaming etc.)

• Independently handle (with very minimal guidance from the supervisors) internal/external audits to ensure compliance with ISO 27001/ISO 22301/ISO 27701 requirement as well as process specific requirements
• Responsible for the effective documentation of internal audits(reports) individually.
• Responsible for effective external audit facilitation Preparing CAPA and ensure the readiness for external audits.
• Point out the non-conformance areas and suggest measures to improve the information security individually.
• Ensure that risk management is effectively conducted across the organization business processes and information systems.
• Involve and contribute to customer assurance activities.
• Coordinate information security awareness training programs for all the employees contractors and approved system users.
• Coordinate and Review the technical vulnerability assessments of IT systems and processes to identify potential vulnerabilities. Submit recommendations to control any risks identified and ensure that they are implemented.
• Perform Security Architecture and Configuration reviews on various IT systems.
• Involve and contribute to process automation.
• Design plan and execute the Cybersecurity activities.
• Directly Interact with customer and communicate detailed technical requirement to the team.
• Use independent judgement and discretion to analyse the system security.
• Prepare detailed description of user requirements and steps required to perform the VAPT/Red Teaming.
• Learn and understand existing and emerging management practices.
• Independently handle the evidence collection from multiple teams as part of any external audits.
• Policy/Procedure creation activities and process improvement ideas to be implemented.
• Research and analytical skills including the ability to convert complex policy issues into simple briefings and communicate to the audience.
• Mentor A band employees

Measures of Outcomes: * Number of internal audits and security assessments conducted per year.

• Number of external audit facilitation activities.
• Number of other location responsibilities.
• Number of Threats/Risks/Vulnerabilities reported per year.
• Number of NCs in external audits on assigned domains.
• Areas of responsibility on cross domains.
• Performance of ISMS/BCMS/PIMS/QMS in the responsible centre/regions.
• Awareness activities conducted and the percentage of adoption in the responsible centre/regions.
• Noticeable initiatives taken to improve the process.
• Less than two stake holder escalations.
• More than three appreciation from the stakeholders/supervisors.

Outputs Expected:

Documentation: * Policy and Procedure creations Awareness training materials Presentations decks for internal/ external discussions Audit /Security Assessment reports

Process: * Internal ISMS audits - independently carry out audits prepare audit reports and ensure timely closure of audit reports

• Compliance Audits - Readiness for audits representation in certification audits CAPA
• Risk Assessment - IT Controls\' implementation and assess risks
• Infosec activities - training material conducting sessions co-ordinate with other teams for trainings conducting
• Customer Assurance - Involve and handle customer assurance activities
• Policy - Identify discrepancies in the policies and addressing it
• Vulnerability Assessment and Penetration Testing/Red Teaming Activities
• CM activities
• Executing other location responsibilities
• Involve and contribute to the process automations

Monitoring: * Mentoring and leading A band employees

Training or certifications: * 2 per year (on responsible domains)

Skill Examples: * Ability to understand prioritize and escalate tasks to resolve issues quickly and make decisions

• Able to interpret all scenarios applicable to the business for identifying the potential risks associated with various functions/services.
• Proficiency in Network Security Controls\' implementation like IAM IPS/IDS E-Mail Security Controls Cloud Security Controls etc.
• Proficiency in Security Architecture and configuration reviews.
• Proficiency in Technical Vulnerability Assessment and Management.
• Strong compliance auditing knowledge.
• Detail oriented customer oriented result delivery oriented analytical thinking
• Development or Testing experience is an added advantage.
• Strong in networking concepts.
• Strong Excel and Dashboard skills.
• Excellent Presentation and communication skills
• Excellent verbal and written communication skills required including the ability to effectively communicate in both highly technical and non-technical environments
• A great problem solver with the knack of coaching others to do the same
• Good at working in a team and with other teams
• Good time management
• A desire for continuous learning and skill development.
• Self-motivated and enthusiastic

Knowledge Examples:

Additional Comments:

None

UST Global