Role Description
Role Proficiency:Under guidance and support from the supervisors carry out cross domain tasks assigned (including internal and external audits customer assurance awareness training VAPT Red Teaming etc.) with better knowledge and competence (Maximum supervision)
Outcomes
- Handle the assigned tasks from the allocated domain with guidance from the leads. (Domain Examples: BCMS Risk assessment Incident management HITRUST SOC Customer Assurance Awareness activities Data Privacy VAPT Red Teaming etc.)
- Assist leads in internal/external audits to ensure compliance with ISO 27001/ISO 22301/ISO 27701 requirement as well as business specific requirements.
- Responsible for the internal audits/security assessments report preparation and follow up for closure of respective audit reports.
- Understand and Evaluate IT Controls and assist in Risk Assessment
- Tracking and following up for the Risk closure.
- Learn and understand existing and emerging management practices and link with security control points with guidance from the leads.
- Handle preparatory sessions and evidence collections from all applicable teams as part of any external audits with minimum guidance from the leads.
- Comfortable with CTFs or Bug Bounty activities.
- Assist the leads in customer discussions to clearly identify/document the requirement.
- Perform security assessments and assist in preparing comprehensive technical reports for the assessments within stipulated time.
- Involve in the automation activities within the team.
- Contribute to infosec awareness activities with support from leads.
- Assist in establishing a tracking and reporting strategy.
Measures Of Outcomes
- Number of internal audits attended or security assessments been a part of
- Adherence to applicable SLAs
- Number of areas of responsibility on cross domains.
- Less than two stake holder escalations
- More than two appreciation from the stakeholders/leads.
Documentation
Outputs Expected:
- Policy and Procedure amendments Awareness training materials Presentations decks for internal/ external discussions Audit / Security Assessment reports
Process
- Internal ISMS audits – assisting in audits prepare audit reports and follow-up for the audit report closure
- Compliance Audits - Assisting certification audits conduct preparatory session and evidence collection
- Infosec activities – training material conducting sessions co-ordinate with other teams for trainings conducting
- Customer Assurance – assist in evidence collection
- Vulnerability Assessment and Penetration Testing/Red Teaming Activities
- CM activities
- Assisting the leads in executing other location responsibilities.
Training Or Certifications
- 5 per year (1 certification and minimum 4 of UST trainings related to Information/Cyber Security domains)
Skill Examples
- Ability to understand prioritize and escalate tasks to resolve issues quickly and make decisions.
- Strong Excel and Dashboard skills
- Good Presentation and communication skills
- Excellent verbal and written communication skills required including the ability to effectively communicate in both highly technical and non-technical environments.
- Detail oriented customer oriented result delivery oriented analytical thinking
- Good at working in a team and with other teams
- A great problem solver with the knack of coaching others to do the same
- Good time management
- Self-motivated and enthusiastic
- A desire for continuous learning and skill development.
Knowledge Examples
- Should have a fair understanding of concepts of Information Security Business Continuity Data Privacy VAPT Red Teaming and various compliance standards.
- Knowledge on compliance standards (ISO 27001/ISO 22301/ISO 27701)
- Knowledge of the security controls Information/Cyber Security concepts etc.
- Knowledge on standard SDLC and project management life cycles.
- Knowledge on the operations of various functional units like HR REFM IT Finance etc. and units involved in IT Asset lifecycle management.
- Knowledge on security testing standards like OWASP Top
- Good on Linux commands.
- Good on Scripting Languages like Shell Script Python etc.
- Development and Testing knowledge would an added advantage.
- Hands on experience in RSA Archer Burp Suite Nessus Nmap Genymotion Postman MobSF Drozer etc.
- Good to have Certifications like CEH ECSS CND OSWE etc.
- Specialize in any one domain (Web Network API or Mobile) Security Assessment with false positive identification of automated scan results.
Additional Comments
UST is looking for Information Security Analyst with below requirements, Operational Support: o Coordinate with technology factory teams for assessment as per BAU process o Work with Technology Asset Owners (TAOs) to assess and implement relevant BAU process for Control Factory Candidates o Perform Assessments to determine security risks/ non-compliance as per the SOP manuals o Work with the team concerned and follow through remediation o Tracking and progress reporting o Perform periodic assessments to ensure compliance proactively Skill Set Requirements:
- Role: Control Factory - Information Security Analyst
- Skills & Background: o Minimum 2-3 years of relevant industry experience in any technology risk management (TRM), IT audit and/or cyber/information security functions o Ability to understand and operate documented process for IT compliance, audit and regulatory requests o Knowhow and understanding in one or more areas of technology risk management principles, internal control concepts, cyber/information security controls, and industry frameworks o Follow documented process to maintain BAU operations o Communication Results to stakeholders o Analyze Deviations and prepare remediation plan along the documented procedures o Be able to understand controls, develop inventory, assess applications against controls o Be able to work with stakeholders in remediation activities o Ability to manage JIRA workflow tickets for BAU process o Prepare & maintain knowledge base in Confluence/Collaborate o Identify areas of automation/innovation and efficiencies to enhance the BAU operation and stakeholder experience o Functional knowledge of operating systems (Windows/Unix), databases, networks and components like system IDs, system resources, firewalls, LDAP, AD, Cloud o Functional knowledge of applications (authentication, authorization, interfaces, APIs), logging and monitoring o Functional knowledge of application design and architecture o Functional knowledge of application criticality, availability and data classification o Able to learn new skills with training and self-study o Any relevant experience in Project Management is desirable.
- Tools o JIRA, Confluence, ServiceNow and/ or Archer. o MS Office (Word/Excel/Visio), PDF and PowerPoint.
- Education and Certifications o Degree or diploma in IT or technology stream o Any industry recognized IT certifications (Microsoft, Cloud, IT Security etc)
Skills
Cyber Security,JIRA,Servicenow
