Job
Description
Responsible for developing, implementing and administering plans, policies, techniques, and services ensuring ongoing compliance and security of company information resources. Support all information technology assessments and/or audits (PCI/SOX/HIPAA/other) of organizational automated systems and processes, interpret results, and develop and communication recommendations for improvement to management. Participate in review, development and maintenance of security policies. Perform and manage Supplier Risk Assessments. Recommends controls and monitors the effectiveness of the controls after implementation. Updates security plans resulting from application changes or hardware, software, or network modifications. Recommends and obtains approval for security standards or software and the assignment of levels of controls. Responsible for testing newly implemented security controls and procedures as implemented within the company. Provides security training and awareness delivery. Performs a security advocacy role and act as a liaison with business units for issues related to information security and ongoing compliance maintenance. Essential Duties and Responsibilities Other duties may be assigned. In the event of absence, duties for this position will be overseen by the position to which it reports. Achieves compliance for PCI and SOX by coordinating and managing the actions of teams across the organization and being the primary liaison between internal/external auditors and all business stakeholders. Identify and document security vulnerabilities and weaknesses in the environment such as unauthorized access potential, non-compliance with defined standards, etc. Assist in the development of appropriate information security policies, standards, procedures, checklists, and guidelines using generally-recognized security concepts tailored to meet the requirements of the organization. Develop and/or maintain expertise in identifying security risks in the hardware, software, and systems used by the organization. Develop risk/vulnerability assessment programs and questionnaires to identify and/or address identified security risks. Perform and/or respond to information technology assessments, penetration tests, and/or audits of organizational automated systems and processes, interpret results, and develop and communication recommendations for improvement to management. Provide security awareness training to organization employees. Administer and manage Security Awareness Training Program (research and update content, rollout, employee training participation verification, reporting on hosted LMS) Perform and manage an internal Continuous Compliance Monitoring Program Perform and manage Supplier Risk Assessments Review and verify security patch processes to ensure critical patches are applied to systems properly and work with system owners to remediate. Performs product evaluations, recommends and implements enterprise security products/services. Validates and tests security architecture and design solutions to recommended vendor technologies. Provide reporting metrics/create and maintain dashboards for department functions. Proficient in the use of Word, Excel Assist manager/director in planning, time budgeting and scheduling work for completion. Participate in opportunities that enhance personal and professional growth and the accomplishment of career objectives through continuing education, seminars and participation in field-related professional organizations. Accountable for execution of assigned tasks from start to finish, while fully leveraging the disciplines expected of a compliance and security analyst role according to department standards, procedures and processes. Stay current with emerging issues affecting the Cybersecurity profession. Job Type: Full-time Pay: ₹10,000.00 - ₹20,000.00 per month Schedule: Monday to Friday Night shift Work Location: In person
