- Job Category: Quality Assurance
- Job Location: Noida, India
- Key Skills Required: ISO 27001, Network Security, Quality Assurance, Software Lifecycle Testing
- No. of Openings: 1
Following are the JD/experience requirements:
- 5-7 years of industry experience with IT Governance and Compliance Testing
- Experience in testing ISO 27001, PCI DSS, HIPAA, SSAE 16, SSAE 18 and application controls.
- Experience with Information Security Controls - Application development Controls, Secure SDLC audit or assessment experience and enterprise security policies and procedures assessment.
- Experience with Risk Assessment and Treatment, mapping controls, reviewing evidences, assessments, perform GAP analysis and reporting.
- Experience with VAPT, Application Security Testing. Should have worked on certain tools like Nessus, Kali Linux, Qualys etc.
- Creating policies/procedures suiting Security Compliance standards.
- Determine security violations and inefficiencies by conducting periodic audits; maintain the incident investigation plan; drive the external and internal audits for information security, liaise with stakeholders and report the findings to senior leadership.
- Drive the information risk management activities: risk analysis, identifying mitigation controls, drawing up and updating BCPs.
- Support pre-sales with review of InfoSec requirements in MSAs/SOWs and provide inputs/comments to highlight the areas that need attention. If required, do the necessary research to provide inputs.
- Design and drive the security awareness program: quizzes, trainings, newsletters.
- Introduce new security practices to enhance the ISMS and its effectiveness.
- Thorough understanding of IT infrastructure - Application and Network Security Requirements, Servers and User Systems Control Assessment (Windows, UNIX, distributed, mainframe systems).
- Relevant certifications (CISSP/ CISA/ ISO 27001 LA/CISM) are a must.
- Ability to understand client’s information security requirements to perform a comprehensive and effective controls testing for new applications introduced in the IT environment.
- Able to communicate with users and technical teams; prior experience working in an offshore/onsite engagement model will be a plus.
- Strong understanding of application security practices (such as OWASP Top 10) and other compliance standards/frameworks like ISO 27001/27002, NIST, HITRUST, COBIT, SOX, GLBA, SSAE16/SOC 2, HIPAA etc. will be an advantage.
- Excellent written and oral communication skills, can express thoughts clearly, knows how to listen and is able to contribute in a team environment.