Analyst, Security Governance & Compliance
Security & Safety, Gurgaon. Reference: 22985
Requisition #: R1313538
Global accountability for:
• Driving and approving implementation of security tools
• Driving information security program in collaboration with the security technology and operations team
• Shaping the emerging model of the global Security practice. Support multiple sites and co-ordinate non-compliances with DPEs to ensure balance of business with compliance
• Ensure control objectives of regulatory requirements like PCI, FFIEC, HIPAA, SSAE16 are met at the location
• Ensure customer compliances are met as per expectations.
• Understand overall risk in the environment and suggest ways to reduce to an acceptable level.
• Perform proactive risk assessments and ensure corrective actions are taken
• Understand and be able to interpret the contractual requirements for reviewing the business needs
• Approve business requirements based on risk assessment
• Think out of the box to meet ad hoc solution requirements from the Information Security front
• Plan interaction and meet with Business leadership to ensure close rapport and right representation of the security deliveries
AREAS OF RESPONSIBILITY
• Compliance to CNX Security standards
• Accountable for creating governance for Security Calendar activities like TCP/IP scanning, ID Validation, Health checks, Logs review, Anti-Virus management, Patch Management and Business Continuity needs, on schedule, and ensuring closure of all related tasks, so that the security assurance of the infrastructure is as high as the acceptable industry standard and the CNX tolerance
• Monitor and ensure governance of IT Security processes & practices and operations’ delivery, and take corrective action as required.
• Drive CNX/Client/Internal/External and regulatory Standards (PCI, ISO 27001, SSAE16, APRA, FFIEC etc.).
• Identify customer requirements/contractual obligations and ensure compliance at the location
• Understand the Global Security requirements, regulatory and cross-country laws, and contract interpretation, and maintain security & compliance while balancing the business requirement
• Support new solutions as required
• Support new transitions of business processes as required and understand / deliver as per the contractual requirement and CNX standards
• Ensure compliance to internal and client requirements during transition and during ramp down
• Performing proactive risk assessments
• Analyze, make recommendations and ensure dashboards are published on a regular basis
• Provide global practice leadership by facilitating a community of like-minded practitioners to share and exchange ideas for practice growth and improvement.
• Contribute content and advice to the offering development process.
• Help shape the emerging model of the global Security practice.
SKILLS & REQUIREMENTS
• Knowledge of Security Tools like Symantec Endpoint Protection, Nessus, IPS, Websense, SIEM, Content Filter, DLP, Anti-virus and other security perimeter and network tools
• Ability to handle and analyze data security incidents and correlate them with relevant evidence as and when required
• Security Log Analysis and correlation and taking proper required action
• Basic understanding of Windows security architectures (Domain, Trusts, Group Policies, Security Logs, Authentication etc.), firewalls (ACLs, Logging, Authentication etc.), routers (Routing, Redundancy, Failover, RADIUS Authentication etc.)
• Basic understanding of UNIX Technologies (Linux etc.) like Installation, TCP/IP Configuration, IPTABLES, DNS etc will be an added advantage
• Hands on experience on Risk Assessment and Auditing – Against Industry standard like ISO27001, Contractual Requirements, regulatory requirements like SSAE18, PCI, FFIEC and generate risk reports
• Good communication skill both verbal and written; Good English is mandatory
• Understand the business, client requirements and industry standards to develop secured solutions
• Ability to think rationally on the business and client security requirements and address them
• Good Documentation and presentation Skills
• Should be constantly updated with latest Vulnerabilities, Threats, Standards & Framework of Information Security
• 10 to 12 yrs. (With at least 8-9 years in Information Security & Compliance, preferably including 6+ years of people management experience)
CERTIFICATION(S): At least one security certification will be required: CISA, CISM, CISSP or any other Industry standard certification