JPC-232515 - Security Consultant
Job Posted: May 14, 2024 | Total views: 1

Job Description:

• Job Description

  Description:

  Information Security function provides capabilities to efficiently safeguard information and technology assets for business and customer use.

  This individual will be a key member assessing and prioritizing risk across the organization, compliance with information security policies, and the development and reporting of information security metrics related to Identity and Access Management (IAM), and Privileged Access Management (PAM) processes.

  IAM is a capability that supports Technology and Business teams by facilitating and ensuring that the appropriate personnel have access to authorized systems and applications. IAM encompasses the practices, technologies, and teams required to carry out, support, and enforce various functions, including access requests, access provisioning/de-provisioning, access certifications, and access control.

   

  Responsibilities:

  • Work closely with the New York Information Security and Santander US Identity and Access Services teams, and Business Owners to address any New York related IAM, PAM and Single Sign On (SSO) related issues including related regulatory requirements to mature the information security program.
  • The submission, approval, creation, and removal of accounts, entitlements, application roles, and business roles follows documented processes and procedures with clearly defined roles and responsibilities.
  • User Active Directory accounts unused for the previous 90 calendar days are reviewed for inactivity and, if confirmed to be inactive, disabled or removed.
  • All certified access rights are documented and current. Technology Platform Owners identifies users whose access rights violate the Separation of Duty (“SoD”) rules and is reviewed with managers/supervisors. Any exceptions are documented, risk-assessed, and formally approved within 30 business days of the management review.
  • The recertification process is performed as a formal review of information assets to confirm that all granted access rights entitlements remain valid, updated, and in full compliance with the Segregation of Duties (SoD) rules and Principle of Least Privilege.
  • Execution of a recertification for information assets and collecting all recertification evidence that access rights entitlements have been validated within SLAs .
  • Review the access rights associated with default privileged roles and verify that they match the definition and adhere to “minimum required privilege” for applications, operating systems, databases, and network devices.
  • Identification of privileged accounts to be carried out in consultation with Technology Platform Owners, Application Owners, Business, and Technology Infrastructure teams. Privileged accounts include “super users,” service accounts, local administration accounts, emergency accounts, and application-specific administrative accounts.
  •  All assets are onboarded to the Privileged Access Management System (PAMS) such as CyberArk and a process is define to periodically review and recertify the accounts including groups they belong to.
  • Perform risk assessments and control gap analysis against Information Security Policies and Standards.
  • Support coordination for closure of gaps identified with Standard Requirements and Cyber Risk Assessment methodology.
  • Analysis, evidence gathering and documenting compliance with Federal Financial Institutions Examination Council (FFIEC) Cybersecurity Assessment Tool (CAT), NYDFS 23 NYCRR 500 cybersecurity or any other regulatory requirements.
  • Create, organize, and articulate summarized risk findings that are clear and actionable by business stakeholders, reduce risk by helping to prioritize and drive remediation efforts throughout the organization, and contribute to risk management, treatment, and reporting process efforts to protect data assets.

   

  Education:

  Bachelor’s or undergraduate degree in Information Systems or Information Technology or equivalent work experience in Information Technology, Information Systems, or equivalent field.

   

  Skills and Experience:

  ·       Preferably 6-9 years’ experience in information security, identity and access management, privileged access management, Single Sign On, Azure Active Directory integration, Cloud Framework, IT audit, or information technology risk management

  ·       Experience with risk assessments and compliance of major regulatory initiatives (e.g. SOX, NYDFS)

  ·       Experience with cyber security and information security program management and frameworks (e.g., NIST CSF, ISO/IEC 27000, etc.)

  ·       Possess the ability to perform under pressure in a challenging environment.

  ·       A hunger to lea
  and take on challenging opportunities contributing to the success of information security team

  ·       Possess a highly developed sense of personal accountability and follow-through with an ability to effectively prioritize multiple tasks and projects

  ·       Proven ability to work in team environment

  ·       Must take ownership, demonstrate a sense of urgency, and ensure accuracy and quality.

   

  Languages: English (MUST!!), Spanish (Nice to have)

About Company :
Purview is a leading Digital Cloud & Data Engineering company headquartered in Edinburgh, United Kingdom having a presence in 14 countries India (Hyderabad, Bangalore, Chennai and Pune), Poland, Germany, Finland, Netherlands, Ireland, USA, UAE, Oman, Singapore, Hong Kong, Malaysia and Australia.

We have a strong presence in UK, Europe and APEC, providing services to Captive Clients (HSBC, NatWest, Northern Trust, IDFC First Bank, Nordia Bank etc) in fully managed solutions and co-managed capacity models. Also, we support various top IT tier 1 organisations (Capgemini, Deloitte, Wipro, Virtusa, L&T, CoForge, TechM and more) to deliver solutions and workforce/resources.

Company Info: