Job Details

JPC-22490 - Security Audit
Experience:
5 - 8 years
Qualification:
Job Location:
Pune
Job Type:
Contract
Skills:
Vacancies:
0
Job Posted: May 14, 2024

Job Description:


    JD for ITRO Role

    Domain - IT Governance, Risk Management, Compliance and Audit, Data Privacy

    Job Description

    · Understand the customer environment, critical assets, threats and vulnerabilities to assess risk to the organization. Keep the IT risk register current and track activities across the risk management life cycle with risk and control owners.

    · Identify and formally document deviations from published standards (gap assessment), estimate risk level, recommend appropriate mitigation countermeasures in operational and non-operational situations, drive risk action plans with risk owners, track and report open issues.

    · Understand applicable regulations, guidelines and industry best practices to manage compliance and ensure adherence through a system of internal appraisals to ensure continued compliance.

    · Institute and maintain an effective IT compliance communication program for the Account, including promoting (a) heightened awareness of Standards of Conduct, and (b) understanding of new and existing IT compliance issues and related policies and procedures

    · Developing, reviewing, maintaining and updating documentation such as policies, standards and procedures, risk register, risk treatment plans, Business Impact Assessments, IT DR Documents, Business Continuity plans, Privacy Impact Assessments, Data Visibility sheets, etc.

    Must have experience in one or more of the following:

    · Experience in Application and Infra Security risk management including Private/Public Cloud risk management.

    · Experience and familiarity with frameworks/standards such as NIST CSF, NIST 800-53 controls, ISO 27002, CIS 20, COBIT 5/2019, PCI and regulatory requirements for data privacy like GDPR/CCPA. Exposure to Australian Standards like ACSC ISM, Essential 8, APRA/CPS 234, IRAP and APP will be a plus.

    · Must have adequate working knowledge of GRC/TPRM tools in the market (ServiceNow, RSA Archer, OneTrust, Galvanize, CyberGRX, RiskRecon, etc.) and third-party rating services like Bitsight, SecurityScorecard, etc.

    · Responding to SIG/SIG Lite questionnaires, facing/conducting external audits like PCI DSS, HITRUST, SOC 2 Type 2 assessments.

    Minimum Eligibility

    · Graduate /Postgraduate with Minimum 8-10 years of relevant Cybersecurity & Risk Compliance Domain experience in three or more of these areas

    · System Security, Network Security, SOC 1/SOC 2, Risk & Compliance Management (ISO 27001, NIST CSF, COBIT, PCI, SOX, Australian ACSC ISM, HIPAA, GDPR/CCPA) experience is mandatory.

    · Expertise in two or more of the following areas - Security Risk Assessments, Vulnerability Management, Compliance management, Patch governance, Controls testing, Continuous control monitoring, Controls Maturity assessments, Third Party Risk

    · Excellent communication, presentation skills and stakeholder management skills.

    · Candidate should possess one or more professional certifications: CISSP/CISA/CRISC/COBIT (F)/ISO 27001 LA/LI, ITIL (F), ISO 27701, Cloud Practitioner (AWS/Azure/GCP) certifications.

    · Additionally G


About Company :
Purview is a leading Digital Cloud & Data Engineering company headquartered in Edinburgh, United Kingdom, with a presence in 14 countries: India (Hyderabad, Bangalore, Chennai and Pune), Poland, Germany, Finland, Netherlands, Ireland, USA, UAE, Oman, Singapore, Hong Kong, Malaysia and Australia.

We have a strong presence in UK, Europe and APEC, providing services to Captive Clients (HSBC, NatWest, Northern Trust, IDFC First Bank, Nordia Bank etc) in fully managed solutions and co-managed capacity models. Also, we support various top IT tier 1 organisations (Capgemini, Deloitte, Wipro, Virtusa, L&T, CoForge, TechM and more) to deliver solutions and workforce/resources.

Company Info:
IN:
3rd Floor, Sonthalia Mind Space
Near Westin Hotel, Gafoor Nagar
Hitechcity, Hyderabad
Phone: +91 40 48549120 / +91 8790177967

UK:
Gyleview House, 3 Redheughs Rigg,
South Gyle, Edinburgh, EH12 9DQ.
Phone: +44 7590230910
Email: careers@purviewservices.com