Information security compliance manager

Posted: Feb. 20, 2021, 6:59 a.m. - Full Time - Ahmedabad

A candidate with 0 to 3 years of experience in the field of information and cyber security, with primary responsibility for internal audit and assessment. The candidate will be part of the information and cyber security team, and the job involves continuous coordination with IT team members and various departments. The job role is as follows:

  1. Carrying out internal audit of implemented information and cyber security controls and business processes against ISMS (ISO 27001, ISO 22301), PCI DSS, and PA DSS requirements for Head office, Ahmedabad.

  2. Report drafting and submission, with presentation and risk-based scoring

  3. Contribute to preparing the team for external ISO and IS audits, and to documentation review

  4. Participation and contribution during external ISO and IS audits

  5. Follow-up and tracking of audit and assessment findings till closure

  6. Maintaining documentation and helping the team strengthen it as the environment and scenarios change

  7. Participate and act in other initiatives/activities for the information and cyber security program.

  8. Coordinate with the client team and internal team on closure of all action points.

  9. Reporting to the IT Head / CIO of the client team to showcase a dashboard of activities conducted during the month

The required skill set and competency for this job role is mentioned below:

  • Knowledge of technical information and cyber security solutions like IDS/IPS, firewalls, routers, antivirus, privileged identity management solutions, etc.

  • Sound technical knowledge of operating system, network and database security on Windows and non-Windows platforms. Relevant hands-on auditing experience will be an added advantage.

  • Knowledge of evaluating configuration hardening requirements/benchmarks like CIS, SANS, etc.

  • Knowledge of risk management, change management and incident management

  • Technically competent with log analysis and relevant tools / technologies like SIEM and managed detection and response

  • Technically sound with information and cyber incident response, well versed with manual and automatic incident response mechanisms

  • Knowledge of ISO management system standards for Information security (ISO 27001) and Business continuity management system (ISO 22301)

Skillsets/competency required:

  • ISO 27001:2013 Internal auditor / Lead auditor certification or PCI DSS Implementation, PA DSS Implementation.

  • Cyber security certifications such as an incident response or forensic analysis certification

Attributes required:

  • Good documentation and reporting skills

  • Good team player

  • Excellent communication & coordination skills and presentation abilities