3 Ssae 16 Jobs

We are seeking analyst level individuals with experience working in the field of cybersecurity and a desire to help organizations improve their operations to join our team and help run the ongoing security operations for RSM clients in a variety of industries and geographic locations. Successful candidates will have working knowledge in some or all these areas IT operations, security monitoring, active directory, IP networking and various cloud technologies. Position and Key Responsibilities At RSM, analysts work with large and small companies in variety of industries. They develop strong working relationships with their peers within the security operations center (SOC) while learning their clients businesses and challenges facing their organizations. Analysts work as part of a broader team under the direction of more senior analysts, threat hunters, shift leads, intelligence analysts and SOC managers in support of multiple clients. Working in a mutually respectful team environment helps our analysts perform at their best and integrate their career with their personal life. You will have the opportunity to: Role Responsibilities: Investigate security incidents using SIEM tools, automation, and other cybersecurity technologies (i.e. ServiceNow, Stellar Cyber, Hyas Insight and DNS Protect, sentinel One, ELK Stack, Virus total, Shodan, NetFlow, Passive DNS, Silobreaker, Tenable.io, Hatching Triage Sandbox) Analyze, escalate, and assist in remediation of critical security incidents. Improve and challenge existing processes and procedures in a very agile and fast-paced information security environment serving multiple clients Process IDS alerts and identifying incidents and events in customer data. Setup and execution and analysis of vulnerability scans Perform advanced analysis and investigation into alerts as they are identified Performing initial basic malware analysis utilizing automated means (static and dynamic sandbox analysis or other available tools) Incident intake, ticket updates and reporting of cyber events and threat intelligence Understanding, identifying, and researching indicators of compromise (IOCs) from a variety of sources such as threat intelligence reports and feeds Writing incident reports, process documentation, and interact with clients as required Transcribe and implement atomic indicators into a monitoring environment. Consume policy documentation and determine applicability in a network. Work with protocols at layers 2 and higher in the OSI model, to include ARP TCP, UDP, ICMP, DNS, Telnet, SSH, HTTP, SSL, SNMP, SMTP, and other common protocols that use well-known ports. Develops the playbooks to respond and recovery from various attacks/incidents. Drives the automation efforts focused on the closing cases, responding to Cyber events and analyzing data required to enable efficient response activities. Processing of Cyber Threat Intel that is used across RSM detection platforms to understand and prepare for potential threats. Threat intel is heavily used across RSM platforms drive issue prioritization. Open to working shifts in a 24x7 operations environment. Qualifications and Experience: Minimum B.A. or B.S. degree or equivalent from an accredited university by the time employment commences or prior relevant military / law enforcement experience. Computer science, information technology, information systems management, or other similar degrees preferably with a focus on information security 3-5 years experience working in a security operations center, networking operations center or threat intelligence capacity. Possess at least one security industry certification such as CYSA+, Security+, CISSP, SANS GIAC (GSOC, GCIA, GMON, CGCDA) Knowledge of security standards and information security and compliance frameworks, controls, and best practices, including SSAE 16, SOC 2 and SOC3, OWASP Top 10, SANS, NIST Must have a naturally curious mindset and approach to solving problems. Basic understanding of cloud technologies and their operations Experience supporting various operating systems such as Windows/Linux Understanding of IP network protocols

FS - Amid comprehensive regulatory change, today's financial services institutions are focusing on digital transformation, convergence and disruption from an array of non-traditional competitors - all while meeting greater demands for trust and transparency. To address this delicate balance of issues, our proficient team of business strategists, technologists and industry leaders bring fresh thinking and sector knowledge across banking and capital markets, insurance, and wealth and asset management. The results are seamless collaboration, innovative problem solving, breakthrough performance gains and sustainable value creation. We recruit, train and foster a diverse set of people who give their minds to building the future of financial services. Together, we explore new perspectives with innovative and innovative thinking to deliver exceptional client service and ensure that what we do today, counts for tomorrow. Technology Risk - helps clients to achieve sustainable growth by supporting their efforts to protect their business performance and by providing trusted communications on internal control and regulatory compliance to investors, management, regulators, customers and other stakeholders. EY teams accomplish this by assessing the technology risks that are introduced to businesses. The opportunity As a Manager within the India's Financial Services Technology Risk team, you will serve as a team member responsible for executing client related engagements in the areas of Technology risk and controls, IT governance, risk & compliance (GRC), IT Audits, IT process reviews, standard operating procedures, and other Technology Risk Services related solutions. Your key responsibilities Operate as an on-field team-member to assist leadership in employing proper information systems, resources, and controls to build solutions to maximize efficiencies and minimize risk. You can expect to work with client personnel to analyse, evaluate, and enhance information systems facilitating the business internal control process, and will assist clients and other Technology Risk professionals in performing information technology control and security engagements. Demonstrate in-depth technical capabilities and professional knowledge. Provide high quality client service, working directly with onshore and/or client teams to understand and evaluate client's IT environment and controls. Execution on client engagements - Ensure quality delivery as per client requirements. Actively establish, maintain and strengthen relationships with other team members. You'll need to report any identified risks within engagements and share any issues and updates with senior members of the team Work effectively as a team member, sharing responsibility, providing support, maintaining communication and updating senior team members on progress. Anticipate and identify engagement related risks and escalate issues as appropriate. Actively establish & strengthen client (functional heads & key influencers) and internal relationships. Assist seniors & managers in developing new methodologies and internal initiatives. Identify & communicate potential business opportunities for the firm on existing client engagements Review of working papers & client folders. Suggest ideas on improving engagement productivity and identify opportunities for improving client service. Identify areas requiring improvement in the client's business processes to enable preparation of recommendations. Identify & internally escalate and potential red flags related to the engagement. Demonstrate industry expertise (detailed understanding of the industry, trends, issues/challenges and leading practices). Preparation of reports/deliverables/status updates/audit committee presentations. Demonstrate ability of multi-task and manage multiple projects as directed by the managers. Ensure compliance with engagement plans and internal quality & risk management procedures. Awareness of Tech Risk/ Information security concepts and apply them on day-to-day business Demonstrate an application & solution-based approach to problem solving technique. Manage the engagement budgets and support superiors in developing marketing collaterals, business proposals and new solution / methodology development. Attention to detail and mentor young interns and analysts within the practice. Contribute to knowledge management sessions within the practice. What are we looking for A minimum of 6-8 years of experience Technology Risk Consulting, preferably from a public accounting firm or a professional services firm Bachelor/ master's degree in computer science, Information Technology, Information Security or a related discipline, or equivalent work experience. have prior work experience in the areas of IT Application controls, Automated business controls, IT General controls, IT audit and other technology risk and controls areas. Knowledge of IT systems, operating system, databases, mainframe and other technologies Knowledge of application development lifecycle such as DevOps, Agile methodologies Skilled in programming languages and SQL Proactive, self-starter, enthusiastic Adapt to different environment and enthusiastic Relevant consulting or industry experience, preferably in a professional services environment or MNC Excellent written and verbal communication, interpersonal, networking, teaming and problem-solving skills. Initiative in keeping abreast of changing industry practices, analysis and design methods, tools and techniques and emerging technologies. Familiarity with leading industry standards and frameworks such as SSAE 16/ISAE 3402, ISO/IEC 27001, COBIT, ITIL, COSO etc EY has become the strongest brand and the most attractive employer in our field, with market-leading growth over compete. Our people work side-by-side with market-leading entrepreneurs, game- changers, disruptors and visionaries. As an organisation, we are investing more time, technology and money, than ever before in skills and learning for our people. At EY, you will have a personalized Career Journey and also the chance to tap into the resources of our career frameworks to better know about your roles, skills and opportunities. EY is equally committed to being an inclusive employer and we strive to achieve the right balance for our people - enabling us to deliver excellent client service whilst allowing our people to build their career as well as focus on their wellbeing. If you can confidently demonstrate that you meet the criteria above, please contact us as soon as possible. Join us in building a better working world. Apply now.

Client interface for understanding the IT Governance, IT Risk & Compliance Management Controls as applicable to Infrastructure operations. Responsible and accountable for driving and maintaining the Compliance Program Which Includes: I. Defining and implementing controls as per Customer defined Security and Privacy policies II. Ensuring measurement and compliance to the policies. III. Drives Internal and External Audits IV. Participate and advise on Security Incident Investigation V. Training and awareness of Employees on Security Policies Well versed and hands-on experience for establishing processes, controls and audits of compliances like ISO 27001, ISO 15408. SOX ITGCs, SSAE 18 SOC 1 & SOC 2, PCIDSS,HIPAA, Data Privacy Standards (GDPR/Schrems) Frameworks. Documentation of IT & risk management Controls as they are currently being executed in client environment and ensuring that the same controls are followed and implemented in service delivery operations Work with the client & technical teams for change request on any risk or control implementation as well as governance process Participate in internal as well as external regulatory audits as well as IT security audits. Understand IT Risks and define audit & governance mechanisms for assets, processes & physical security Point of contact for the client compliance & IT audit team for provisioning audit evidences within the SLAs defined. Provide strategic guidance & consulting support on implementation of IT controls for Networks, Operating Systems, System Security, Backup & Recovery, Storage, BCP/DR Work with the client & team in identifying any process/ control gaps and suggesting the remediation plan& tracking the plan progress till closure. Liaison with Audit Firms and Client for all types of External audits like (ISO 27001, SSAE 16 SOC 1/ SOC 2 etc)