Technology Risk Assessment - Manager / Senior Manager- Noida/Chennai

Key Quantitative Measures/Data

The role is expected to entrust the following responsibilities.

• Participate in Cyber security Assessment of the various IT functions to identify the gaps and Risks. He/she should have the capability to independently carry out assessments of the identified scope
• Invoke connect with stakeholders for assessment related interviews,
• Identify the scope and Initiate relevant Initial Data Request (IDR).
• Prepare the Assessment reports and manage the risk registers.
• Effective and timely communication of identified risks/gaps to the Assessee and validate the provided treatments plans for completeness and relevance.
• Participate in regular connects with stakeholders and ensure data presented is correct and updated.
• Validate the closures to ensure the identified risks are effectively managed.
• Presents updates (written reports) to senior management team on the review, assessment and publish a dashboard to the senior management capturing the most recent risk status.
• Participate in critical and high visibility projects.
• Partner with Global Information Technology, Global Information Security & other internal stakeholders for effective Cyber security assessments.
• Assessing the various threat advisories and technology available in the market.
• Keeping abreast with latest threat landscape and equipment with latest cybersecurity best practices
• Manage escalations, incidents, and complex problem

Qualifications and Experience Preferred

Professional Qualifications

• Interested candidate should have knowledge and hands on experience on the IT security operation, concept, tools, and technologies.
• Working knowledge of NIST and other cyber security frameworks
• 8+ years’ experience with Information security and cyber security standard and guideline like ISMS (ISO 27001-2013), NIST 800 – 53, CIS and IT general controls,
• Experience developing Process and policies and performing ISMS / NIST based risk assessment.
• Desirable – 8 + years of work experience in various Cyber Security related domains-
• Security Operations Centre (SOC),
• Security tools implementation and configuration.
• Vulnerability management (Infrastructure and application),
• Penetration testing
• Perimeter Security
• Application security
• Cloud security, IoT, Artificial technology.
• Risk Governance
• Other Cyber security domains.
• Threat Hunting tools
• Understanding of Cyber security risks, exploits, and vulnerabilities
• Network Security (Firewalls, VPN, NAC, Wireless), Data Security (DLP, Web Filtering, DAM, APT, CASB, SIEM), Endpoint Security (AV, Encryption, Patch Management, Data Classification, FIM, EPM, EDR/XDR), IAM (APT, MFA, PAM, ADM, MAM), and Application Security (WAF, Proxy, VAPT, SAST/DAST).
• Network - Configuration management, Network architecture, change management, problem management, data security, data backup, monitoring and log management, High Availability, Network segregation, patch management, data flow, Access mechanism and other configuration checks for secure operations.
• Cloud Network: Knowledge of network architecture, security controls, HA/load balancing, monitoring, encryption, and configuration checks across IaaS, PaaS, and SaaS for secure cloud operations.
• Tools/Technologies - Understand Operational processes, configuration management, hardening, change process, availability & performance management, data flow mechanism, architecture, access mechanism and other security aspects.
• Proficiency in all the infrastructure layers, hardware, OS, virtualization, storage, network, database and security
• Candidate with previous experience of working with or in Blue/purple/Red teams will be preferred.
• Stake holder and escalation management.
• Strong written and verbal communication skills.
• Solid understanding of NIST 800-53 and Cyber Security Framework CSF V1.1

Location - Noida /Bangalore/Chennai