2 ISMS Policies Jobs

5.0 - 9.0 years

0 Lacs

kochi, kerala

On-site

Expertise in developing .NET Core based web applications with RDBMS database back-end. You must have excellent development experience using ASP.NET MVC, Web API, jQuery, etc. It is essential to demonstrate proven expertise in developing web applications in the .NET Core platform. Experience in working with Entity Framework Core, LINQ, SQL, etc., is required. You should have good working exposure with REST API and a very strong knowledge of object-oriented concepts & design patterns. Your responsibilities will include expertise in reviewing PRs and test coverage of the unit tests. The role also demands a demonstrated willingness to develop with new/unfamiliar technologies and an understanding of different design patterns. Experience in developing with a static code analyzer is necessary, along with a clear understanding of setting up a continuous integration/continuous delivery environment. You must have the ability to integrate a variety of data sources and databases into a single system. Experience in working with cloud services like AWS Lambda, SNS, Azure Functions, etc., provided by AWS, Azure, Google, etc., is preferred. Proficiency in code versioning tools like GIT and SVN is expected. A passion for best design and coding practices and a desire to develop new bold ideas is highly valued. You should also possess a good understanding and working knowledge of project tracking tools like JIRA, Azure, etc., and project collaboration tools like Confluence. Excellent communication skills are essential for conveying ideas with clarity, depth, and details. Your duties will involve preparing process and design documentation for the solutions implemented for the projects. Experience in Scrum Agile development mode and active participation in sprint ceremonies and leading them in the absence of the Scrum Master is required. Adherence to ISMS policies and procedures is mandatory.
In terms of skills and competencies, you are expected to take full ownership of the tasks and user stories committed by self/team. Taking a lead role in managing tasks in a sprint, reviewing the code of team members, and ensuring the first-time quality of code is crucial. Writing clean, well-designed code is a key responsibility. You should understand the development processes agreed at the organization/client level and ensure their diligent follow-up in the project. Actively participating in optimizing and evolving these processes for the improvement of project execution is essential. Your capability should include understanding user stories, translating them into technical specifications, and converting them into working code. Following modern agile-based development processes, including TDD-based unit testing, and guiding the team to follow the same mandatorily is expected. Troubleshooting, testing, and maintaining the core product software and databases to ensure strong optimization and functionality is a part of your role. You are required to contribute to all phases of the development lifecycle. Educating, preaching, and reviewing technology best practices in the team is a responsibility. You should have the capability to follow industry trends and tools, pilot them, and ensure that the team can scale up technically to absorb technology best practices over time. Working with Technical Architects to define the Solution/Technical Architecture of the application is necessary. Understanding the complete business goal of the projects and applying this knowledge during the design and development phases is crucial. Excellent analytical skills are needed to understand the requirements in detail, comment on the logical/usability gaps if any, analyze the technical feasibility, and propose the solution approach.
Identifying and splitting the tasks required for a User Story implementation, thinking from all the technical aspects, including the NFRs, is part of your duties. Providing estimation for the tasks identified for the Stories and being accountable for completing the tasks is essential. Mentoring junior team members, helping them on technology, sprint task management, code quality, etc., is expected. Readiness to take up initiatives for suggesting and implementing the best practices in the areas of respective technology is crucial. Identifying the challenges based on the requirements and initiating PoCs and feasibility studies is a responsibility that you will hold.

Posted 3 days ago

3.0 - 5.0 years

4 - 20 Lacs

Mumbai, Maharashtra, India

On-site

Job duties / Role:

1. Information Security Management
- Assist CISO in implementation and management of entire ISMS life cycle.
- Responsible for development, periodic review, control and management of ISMS policies and procedures.
- Monitor the adequacy of operational procedures, policies and process, create and monitor compliance.
- Coordinate the Organization's ISO 27001:2013 recertification and SOC2 attestation process in terms of planning, coordination with business owners and stakeholders, and scheduling audit meetings, audit execution and closure.
- Ensure compliance at an organizational level, achieved through identifying the applicable requirements, which in the case of Quinnox are the ISO 27001 standard, customer contractual security obligations and defined internal policies and procedures.
- Monitor performance of GDPR controls and respond to the quarterly compliance checklist.
- Ensure GDPR Data Processing Impact assessments are carried out periodically and gaps are addressed.
- Plan and conduct the annual Management Review meeting. Demonstrate the performance of ISMS through the year and seek feedback / advice from the Leadership Council.
- Review and respond to risk assessment questionnaires from our clients.
- Review MSA security clauses of the existing clients and prospects.
- Participate in POC of new security tools and implementation.

2. Information Security Risk Management
- Carrying out an organization-wide Information Security Risk Management exercise on an annual basis to quantify the risks associated with the information assets and accordingly devise the risk mitigation strategies.
- Developing and maintaining Risk Registers of all the Projects/Support Functions.
- Creating a Risk Summary report for the executive management.

3. Technical Vulnerability Management
- Monitor and review anti-virus and patch report across all endpoints and ensure that all endpoints are up-to-date with latest AV patches.
- Ensure SIEM and DLP alerts are monitored and corrective actions taken to address potential threats.
- Ensure monthly scanning of infrastructure is carried out and vulnerabilities are remediated in time.
- Defining the scope of external VAPT and facilitating the VAPT vendor personnel with the requisite information.
- Facilitate the external VAPT exercise at org level, reviewing the VAPT findings for verifying the authenticity of the reported observations and ensure timely mitigation.

4. Audit Management
- Act as point of contact for all external audits of ITIM to define scope and parties necessary to participate.
- Act as a repository of audit data to prevent duplication of audited processes.
- Based on known annual audits, develop a schedule for audits which allows for distribution of audits throughout the course of the year.
- Plan, schedule and execute internal ISMS audits twice a year.
- Record the audit findings and track the closure of NC after following up with the concerned departments.
- Summarize the audit findings and associated CAPA to include in steering committee meetings.
- Act as point of contact during external audits and ensure smooth execution through careful planning ahead of time.

5. Change Management; Incident Management; ISMS Document Control
- Ensure that all changes to critical infrastructure take place through appropriate change control.
- Reviewing change records for appropriateness and ensure that they are all filled in with the correct and relevant information by the responsible teams.
- Approve or reject changes in line with our change control policy.
- Work as Incident Response Coordinator who, in consultation with the IT head/CISO, will be responsible for timely escalation and reporting of security incidents.
- Reviewing incident records for appropriateness and ensure that RCA and corrective actions are captured appropriately.
- Ensure all incidents and security events are reviewed on an ongoing basis and appropriate corrective measures taken to remediate the issues.
- Maintaining, tracking and updating Change and Incident records (Record Management).
- Control of ISMS Documents and Records.

6. Information Security Training & Awareness
- Ensure dissemination of knowledge on our ISMS policies and procedures through awareness campaigns.
- Ensure the ISMS training compliance across all locations.
- Publishing security updates through newsletters on a periodic and ongoing basis.

7. Business Continuity
- Perform business impact analysis, risk assessment, mitigation plans / recovery strategies and BCP testing for the company's critical business processes, operations and the technology that supports them.
- Ensure BCP tests and DR drills are conducted as per schedule.
- Conduct BCP training for the crisis response team and project managers at least once a year.
- Identify single points of failure through risk assessment and propose controls.

Competencies/Skills required:
- Must have managed Information Security in a medium / large size organization.
- Should be well versed with all aspects of Information security and risk management.
- Could have worked as an information security consultant in any of the consultancy service provider firms.

Qualifications and Education Requirements:
- Minimum education: Bachelor of Engineering.
- Certifications such as CISSP, ISO 27001 (ISMS) Implementer / Lead Auditor, CISA, CISM will be an added advantage.

Additional Notes:
Ideal candidate for this position would be one who has completed an entire lifecycle of Information Security Management System in a medium or large organization.

Posted 1 month ago
