Specialist II - Information Security

Specialist II - Information Security

UST Global Singapore Pte Limited | Ernakulam, KL, IN

Posted 21 days ago

Apply Now

Description



JOB DESCRIPTION

Role Proficiency:With strong knowledge of various applicable compliance standards independently handle internal/external compliance audits and VAPT/Red Teaming assignments. Involve more in the risk assessment and remediations and in customer assurance activities. Independently handle all the assigned tasks with minimal supervision.

Outcomes:

  1. Handle the assigned tasks from the allocated domain with minimal guidance from the leads. (Domain Examples: BCMS Risk assessment incident management HITRUST SOC customer assurance Awareness activities Data Privacy VAPT Red Teaming etc.)
  2. Independently handle (with very minimal guidance from the supervisors) internal/external audits to ensure compliance with ISO 27001/ISO 22301/ISO 27701 requirement as well as process specific requirements
  3. Responsible for the effective documentation of internal audits(reports) individually.
  4. Responsible for effective external audit facilitation Preparing CAPA and ensure the readiness for external audits.
  5. Point out the non-conformance areas and suggest measures to improve the information security individually.
  6. Ensure that risk management is effectively conducted across the organization business processes and information systems.
  7. Involve and contribute to customer assurance activities.
  8. Coordinate information security awareness training programs for all the employees contractors and approved system users.
  9. Coordinate and Review the technical vulnerability assessments of IT systems and processes to identify potential vulnerabilities. Submit recommendations to control any risks identified and ensure that they are implemented.
  10. Perform Security Architecture and Configuration reviews on various IT systems.
  11. Involve and contribute to process automation.
  12. Design plan and execute the Cybersecurity activities.
  13. Directly Interact with customer and communicate detailed technical requirement to the team.
  14. Use independent judgement and discretion to analyse the system security.
  15. Prepare detailed description of user requirements and steps required to perform the VAPT/Red Teaming.
  16. Learn and understand existing and emerging management practices.
  17. Independently handle the evidence collection from multiple teams as part of any external audits.
  18. Policy/Procedure creation activities and process improvement ideas to be implemented.
  19. Research and analytical skills including the ability to convert complex policy issues into simple briefings and communicate to the audience.
  20. Mentor A band employees


Measures of Outcomes:
  1. Number of internal audits and security assessments conducted per year.
  2. Number of external audit facilitation activities.
  3. Number of other location responsibilities.
  4. Number of Threats/Risks/Vulnerabilities reported per year.
  5. Number of NCs in external audits on assigned domains.
  6. Areas of responsibility on cross domains.
  7. Performance of ISMS/BCMS/PIMS/QMS in the responsible centre/regions.
  8. Awareness activities conducted and the percentage of adoption in the responsible centre/regions.
  9. Noticeable initiatives taken to improve the process.
  10. Less than two stake holder escalations.
  11. More than three appreciation from the stakeholders/supervisors.


Outputs Expected:Documentation:
  1. Policy and Procedure creations
    Awareness training materials
    Presentations decks for internal/ external discussions
    Audit /Security Assessment reports

Process:
  1. Internal ISMS audits - independently carry out audits
    prepare audit reports and ensure timely closure of audit reports
  2. Compliance Audits - Readiness for audits
    representation in certification audits
    CAPA
  3. Risk Assessment - IT Controls' implementation and assess risks
  4. Infosec activities - training material
    conducting sessions
    co-ordinate with other teams for trainings conducting
  5. Customer Assurance - Involve and handle customer assurance activities
  6. Policy - Identify discrepancies in the policies and addressing it
  7. Vulnerability Assessment and Penetration Testing/Red Teaming Activities
  8. CM activities
  9. Executing other location responsibilities
  10. Involve and contribute to the process automations

Monitoring:
  1. Mentoring and leading A band employees

Training or certifications:
  1. 2 per year (on responsible domains)


Skill Examples:
  1. Ability to understand prioritize and escalate tasks to resolve issues quickly and make decisions
  2. Able to interpret all scenarios applicable to the business for identifying the potential risks associated with various functions/services.
  3. Proficiency in Network Security Controls' implementation like IAM IPS/IDS E-Mail Security Controls Cloud Security Controls etc.
  4. Proficiency in Security Architecture and configuration reviews.
  5. Proficiency in Technical Vulnerability Assessment and Management.
  6. Strong compliance auditing knowledge.
  7. Detail oriented customer oriented result delivery oriented analytical thinking
  8. Development or Testing experience is an added advantage.
  9. Strong in networking concepts.
  10. Strong Excel and Dashboard skills.
  11. Excellent Presentation and communication skills
  12. Excellent verbal and written communication skills required including the ability to effectively communicate in both highly technical and non-technical environments
  13. A great problem solver with the knack of coaching others to do the same
  14. Good at working in a team and with other teams
  15. Good time management
  16. A desire for continuous learning and skill development.
  17. Self-motivated and enthusiastic


Knowledge Examples: Should have a strong knowledge of Information Security Business Continuity Data Privacy standards VAPT Red Teaming and various compliance standards.
  1. Knowledge on ISO and other Compliance standards efficient to evaluate the security controls.
  2. Knowledge on ISO 22301/27001/9001/27701 Risk Management incident management awareness activities customer assurance etc.
  3. Knowledge on standard SDLC and project management life cycles.
  4. Knowledge on the operations of various functional units like HR REFM IT Finance etc. and units involved in IT Asset lifecycle management.
  5. Expert on security testing standards like OWASP Top 10 SANS 25 etc.
  6. Good at OWASP cheat sheets and other security frameworks.
  7. Expert on Linux commands.
  8. Expert on Scripting Languages like Shell Script Python etc.
  9. Development and Testing knowledge would an added advantage.
  10. Hands on experience in RSA Archer Postman Burp Suite Nessus Nmap Genymotion MobSF Drozer etc.
  11. Good to have Certifications like ISO 27001/22301/9001/27701 Lead Auditor CISM CCSP CCSK DCPP CPENT LPT OSWE etc.

Additional Comments:
Title: Internal Audit Lead (Senior position) Reporting Supervisor: CISO Primary Duties: a) Schedule, coordinate, and lead company internal audits. b) Provide audit guidance to functional teams and ensure audit preparedness. c) Provide recommendations for corrective actions to ensure that audit findings are closed in compliance with audit requirements. d) Track audit findings and corrective actions to closure. e) Manage and provide reporting to executive leadership and functional team leads on audit status and progress to closure. f) Collect evidence for audits in compliance tool in coordination with the Compliance Manager. g) Provide audit project management. h) Support preparation for external audits, liaise with external auditors, and provide internal guidance in support of external audits. Skills and Experience Requirements: a) Training and two (2) years' experience in Information Security and Information Security based compliance audits (Examples include: ISO 27001, 27002, 27701, 27017, 31000, 27005, NIST 800-30, 800-53, GDPR, HIPAA, etc.). b) Fluent in English (reading, writing, and conversational). c) Minimum one (1) year working with international teams. d) Minimum one (1) year working in Privacy related compliance. e) Ability to quickly learn CyberProof organization, service offerings, and business model. Additional Preferred Skills: a) Certifications in CISSP, CISA, CIPP, ISO27001 Lead Implementor or Lead Auditor. b) Previous experience in an audit firm. c) Previous experience in a Managed Security Services Provider organization.

JOB DESCRIPTION Role Proficiency:With strong knowledge of various applicable compliance standards independently handle internal/external compliance audits and VAPT/Red Teaming assignments. Involve more in the risk assessment and remediations and in

Experience: 0.00-50.00 Years