Niyo Solutions

PROFILE : ISM / Information Security Manager. Niyo Information Security function looking for a candidate who can manage Information Security operations in order to maintain and improve Information Security practices, governance and control desired from the role. Area Of Responsibilities :- Provide support to GRC team with artefacts / evidence collection required by them during ISMS, Internal and External Audits. - Facilitate support and coordination required during any audit activities. - Track compliance & Reviews of periodic ISMS activities such as Disaster Recovery related drill, Backup & Restoration, Change Management, IP Whitelisting/ACL, Access and Roles Reviews, IS Signoff for new development and features etc. - Control adoption of ISMS / Information Security Policy across all department and function. - Track effectiveness of Information Security department specific KPIs. - To ensure current technology architecture for vulnerabilities, weaknesses and for possible upgrades or improvement done on time. - Oversee technological upgrades, improvements and major changes to the information security environment. - Perform periodic review of Change Management, Rules and Configuration. - Review control compliance required before Information Security Sign-off. - Review of Information Security events monitoring and Incidents. - Periodic review of Information Security related supplier for its SLAs. - Review Information Security Effectiveness measurement metrics across department and function as per documented procedure and associated templates. - Manage Information security awareness related training to organization personnel. - Provide Information Security training for new onboarding. - Manage Information Security specific subscription / license and certification and periodically review Information Security related spending to align with the Budget cap. - Manage and Control issuance of Digital Certificates and Encryption Keys. - Serve as a focal point of contact for the information security team and the Vendor/Partner or organization. - Communicate information security goals and new programs effectively with other department managers within the organization. - Evaluate and assess any platform or solution required within Information Security function and ensure effective deployments and its efficient use. - Periodically undertake the Incident Response simulation / table-top exercise and drill to test its effectiveness. - Create and publish reports, dashboards, metrics for Information Security operations and presentation to Department Head / Management. - Providing Department Head / Management oversight with a realistic overview of risks and threats in the technology environment. - Manage the process improvement within the Information Security function. - Identify, assess, and resolve complex issues within own area of responsibility. Desired Skills :- 4+ years of experience in Information Security relation operations. - At-least 2 Years of ISO 27001 certifications. - Completed CISSP training or certifications. - Proven track record in risk management, preferably in the audit or compliance activities, technology, or other pertinent control functions. - Proficient in architectural design principles, cyber threat assessments, and the software development life cycle. - Type of Security Assessment necessary for Application, Server, Firewall, Cloud and other IT Infrastructure related resources. - Proficient with firewalls, endpoint security, mobility management, and vulnerability scanning. - Demonstrated expertise in the management of technology and application risks and controls. - Understanding of Information security standards, guidelines and controls such as CIS, OWASP, NIST, ISMS etc. - Demonstrated aptitude for analysis and problem-solving. - Strong organizational skills and the capacity to multitask successfully. - Familiar with security best practices in IaaS/PaaS services such as AWS, Azure and Google Cloud. - Familiar with MITRE ATT&CK framework. - Familiarity with Cloud environment such as AWS, GCP, Azure. - Deep understanding of Threat hunting, OSINT, DarkWeb analysis and compromise assessment. - Good understanding of Client/Server Architecture, TCP/IP Model and Network Topology. - Familiar with OSI Model and associated layer / data units such as network layer and its data units involving Packet, Fragment, Frame, Datagram, and Segment. - Familiar with multiple Operating System platforms such as Windows, Linux and Unix. - Familiar with popular commercials / open source tools and techniques used by hackers. - Familiar with Information Security tools and solutions, category such as SIEM, Vulnerability Scanner, Web Scanner, Mobile App Security Audit, Cloud Security Audit etc. - Familiar with different Technology stack such as ELK (Elasticsearch, Logstash, Kibana), Server Less, Lambda etc. - Knowledge of Security testing methodology, and other international industry recognised standards and guidelines including CIS controls in depth. - Demonstrate strong understanding of Open Source technologies, framework, tools and trends. - Up-to-date on general cyber security risks and threat landscape / Cyber Security Community engagement. - Aware of general cyber security practices needed by computer and internet user. - Strong written and verbal communication skills expected ability to communicate security and risk-related scenarios to both technical and non-technical stakeholders. - Strong knowledge of Word, Excel and PowerPoint for professional documentations. Eligibility :- BCA / BSC / B Tech (CS/IT) / BE (CS/IT) / Diploma holder (IT / Computer / Network). - Work Experience : 6- 10 Years of total work experience.- Minimum 4+ Years experience in Information Security operation related roles. - Preferred Certifications CISSP, CRISC, CISA, CISM, CCSP and ISO 27001. (ref:hirist.tech)