Reporting Structure |
Reports to Chief Manager – Cyber Security Risk Assessment and Advisory Services |
Education | - University bachelor’s degree with specialization in the field of Computer Science/IT or Engineering Graduate/PG in CS/EXTC/IT allied branches
|
Position | - Lead Cyber Security (RAAS-CSRA)
|
Experience/ Qualifications | - A minimum experience of 5-7 years in IT Services and Security Management with 4 years in information / cyber security risk assessment or management or security risk advisory consulting experience
- 2 years of experience in SDLC project lifecycle, CI-CD pipelines, Secure Code review, VAPT, APPSEC from risk assessment perspective
- Perform Application Security Risk Assessment, Remediation Support for all Enterprise Platform as well as common platform components
- Manage a team of risk assessors and guide them with technical training and inputs to provide quality risk reports
- Technical understanding of Microservices Architecture, Kubernetes platform, containers, HLDs, LLDs, COTS application structure.
- Manage change requests for applications and ensure tracking and weekly reporting
- Experience in implementation /Governance /Review of security solutions like SIEM, Firewalls, IAM, DDOS, WAF, NIDS/NIPS, HBSS/EDR/HIPS, Honeypots etc.
- Detailed understanding of networking, Linux and Windows OS, Virtualization, Cloud security, Security Solutioning in applications.
- Hands-on experience in implementing or assessing ISO 27001/ISO 20000/ISO 22301/ISO 31000 or PCI-DSS, NIST Frameworks, GDPR, Data Protection & Privacy, programs meeting regulatory compliance, Data Centre and Application Security Assessment would be an added advantage.
- Structured IT and Application Security Project management experience in deploying security-related initiatives as well as Technical Risk Management Initiatives
- Excellent oral and written communication skills; customer or stakeholder interaction exposure preferred
|
Industry | BFSI or ITES or IT Security Consulting Domain experience is desirable |
Responsibilities | - Establish procedures for identification and classification of information assets.
- Understand the existing business-critical functionality, operating processes, technology stacks, architecture, data flows, vendor security, access management, etc., to define security requirements/risks as per regulatory compliance.
- Define project plan for mitigation and validation of risk closure in critical infrastructure in coordination with stakeholders and ensure the risk mitigation as per the defined SLA.
- Develop information security policies, standards, processes and procedures.
- Conduct information security risk assessment associated with various key assets of the organization.
- Communicate and present concisely and effectively across various levels of stakeholders.
- Advise management on critical issues that may affect the risk posture of the organizational information assets.
- Establish positive working relationships with various teams across the organization.
- Determine organizational information security requirements based on industry standards and regulatory requirements (like ISO 27001, PCI-DSS, etc.)
- Generate innovative ideas for achieving the objectives.
- Demonstrate leadership and problem-solving skills
|
Preferred Certifications (At Least Two) | - ISO 27001, ISO 20000/ISO 22301/ISO 31000
- PCI DSS
- CEH/CHFI
- CISA/CISM/CISSP/CRISC
- CCNA/CCNP
- RHCE
|
Location | Juinagar, Navi Mumbai. |
Employment Type | All positions are on fixed term contract on a full-time basis exclusively for ReBIT, initially for a period of five years, extendable by mutual consent |