Information Security Analyst

Job Description

Key Responsibilities

1. Performs risk assessments, internal audits, and tests to ensure proper functioning of data processing activities and security measures and ensure all observations are closed on time with proper evidence.

2. Performs application, server, DB users access rights review on monthly/quarterly basis and reports to get appropriately approved by management.

3. To ensure all platform like network, server, application, database audit logs are stored for one year. Also, to ensure the logs review done on daily and monthly basis for the critical devices and applications.

4. To ensure all external ASV/VA scan, internal VA scan, internal, external, application penetration tests, Segmentation PT are performed on scheduled time and also to ensure all critical, high and medium vulnerabilities tracked and closed within defined SLA

5. Performs policy procedures review on regular basis and to ensure process is followed as per the policy/procedure defined.

6. To ensure that the application change requests, incidents, problems tickets are tracked and reviewed on monthly basis and ensure all observations closed on time.

7. Perform review of assets like Applications, Software, Platforms, Mobile Applications, Database, Storage unit, Network and communication service, End User Devices and to ensure are documented by respective stake holder and reviewed.

8. To ensure Business continuity/DR Drill/Call tress/restoration tests are initiated and conducted as per client and internal requirement.

9. Perform Information security user awareness, BCP awareness training for all the users on regular basis.

10. To ensure that AV signatures are updated on daily basis and also to ensure that application-level patches, server level patches, Database patches and other mobile devices are patched on regular basis and deployment is tracked as per ISMS/PCI/Client compliance requirement.

11. Perform firewall rule set reviews on monthly / quarterly basis and to ensure all access rule justification are documented and insecure ports and services are closed.

Desired Skills

1. CISM, CISA, LA- ISO 9001 & 27001, CEH, Exposure to Implementation of PCI-DSS, PCI PIN & PCI P2PE controls.

2. Demonstrated problem-solving and analytical skills.

3. Proficient, or able to gain proficiency with, a broad array of security software applications and tools.

4. Thorough understanding of computer-related security systems including firewalls, encryption, and password protection and authentication

5. Proficient in security testing tools, Microsoft Office Suite, Microsoft Excel, or related software. 6. Excellent verbal and written communication skills.

Technical/Functional Proficiency Required

1. Assess risks to determine improvements for security policies and protocols.

2. Problem-solving skills.

Experience Level (If applicable)

3-8 years of experience in computer systems with some specialization in computer and software security highly preferred.