Main Skills are:
- Communication
- Knowledge in Information Security
- Network devices (Firewall, Routers, etc.)
- Information Security Audit
- Patch / Vulnerability Management
- Vendor Management
- IT Service Management / ITIL
- Current security vulnerabilities knowledge
Skills required in position:
- Experience: 5+ years
- Microsoft Office (Word, Excel, PowerPoint, Visio)
- Project Management Methodologies (PRINCE2)
- ISMS, ISO 27001 - Controls
- ITSM, ISO 20000, ITIL Process knowledge
- BCP/DRP - best practices
- Basic functions of devices - switches, routers, firewall, IDS, IPS, etc.
- Risk Management methodologies
- Security audit process knowledge
- Vendor management
- IT Governance and Compliance, etc.
- Strong Analytical and Problem Solving skills
- High level communication and collaboration skills
- Risk Analysis and Management
- Ability to react to a changing environment
- Ability to influence and persuade
- Integrity and trust
- Self-starter and willing to learn, etc.
Roles & Responsibilities:
- Handling Projects aligning with PRINCE2 methodologies
- Ensuring hosting vendors comply with APMM Information security policies
- CSI to standardize and stabilize the process.
- Ensure the ITIL framework is followed for information security management processes
Specified Description for position:
- Schedule, organise, prepare and conduct weekly security operational calls with hosting vendors.
- Follow globally accepted project management methodologies while handling projects - EDEN - Security tower (e.g. PRINCE2, PEX tools, MAERSK Model)
- Apply adequate security controls/countermeasures wherever appropriate.
- Gather adequate knowledge about the current practices in place in all security processes (e.g., security plan, security handbook, access management, risk management, etc.)
- Provide security advice/suggestions to Prime Movers/Project Managers in cases of non-compliance with the APMM Information security policy against business requirements.
- Reach out to appropriate stakeholders to escalate and receive approvals for Information security exceptions from time to time.
- Develop a tool to measure the performance (delivery) of security management process.
- Actively participate in and close open security audit findings.
- Update all evidence for audit closure in the ML Audit forum SharePoint portal.
- Act as the overall SPOC for all security-related processes (e.g., Foundstone scan, anti-virus (ePO) process, 3rd party security audit process, system access request, data sourcing, CRB Domain ID creation, revoking unjustifiable access, etc.)
- Keep track of all approved system access requests, which can be used as a reference to revoke the access granted after the expiry date.
- Maintain an excellent professional relationship with security management professionals/focal of hosting vendors.
Learning Opportunities in position:
- To know the various tactical plans to handle security vulnerabilities.
- To improve vendor management skills.
- To update your knowledge in current best practices for security management processes.