Grc Auditor

**Designation**: Assistant Manager/ Manager

**Department**: Cyber Security

**Location**: Gurugram

**Certification**: ISO27001 LA Certification along with a CISA/CISSP/CCSP (or Equivalent)

**Required Skills**:
Firsthand experience on any Sector based compliance (RBI/IRDA/PCI/SEBI/CEA/NHB etc.) shall be an added advantage

Working knowledge on tools like Burp, Nessus, Nmap, Nipper, Metasploit etc., and any other tools (latest) in Cyber Security Audit and Management shall be an added advantage.

Basic scripting knowledge in any language a plus (Added Advantage)

Excellent communication and analytical skills to face clients directly during projects.

Good report making skills (written and verbal communication) and able to face clients directly during projects.

**Experience**:
5-10 years of post
- qualification experience on Cyber Security Projects.

Knowledge of ISMS framework along with knowledge on IT Governance, IT Risks and Security/Privacy Compliances.

Knowledge of Security configurations (best practices), policy, procedures and SOPs

Capability for verification of adequacy for regulatory compliance with respect to ISO 27001, NIST Framework, PCI-DSS, GDPR and other Privacy Guidelines

Security Risk Assessment (including Cloud Environment)

Security assurance on the Firewall/VPN/Perimeter Security (incl Cloud Environment)Information Security Responsibility and Day-to-day Operations and Approvals

Data Lifecycle Management - Creation, Retention and Disposal

Supporting ICT in solution evaluation and building/finalizing security requirements

Knowledge on third-party vendor risk management Client Security Assessments. Includes New Supplier Security Assessment during Onboarding

Day to day management of ICT security issues e.g., EoL/EoS, Patch Management, oversight of security task etc.

User entitlement reviews / theme-based reviews. Access control experience - Active Directory, LDAP, RBAC, Privileged Access, etc.

Capable of monitoring and reviewing Monthly/Quarterly Security Vulnerability Program, including Penetration Testing and Remediation Management

Support Global Information Risk Management initiatives

Representation in various Cyber Security forums/round tables (discuss on the cyber threats)

Security Consultation and guidance to the ICT and Business

Privacy and Data Leak Projects including involvement on Information Classification

Information Security Incident Reporting

Understanding of Incident and Problem Management, Audit Logs and Trail Logs.

Able to review cyber-attack surface and suggest safeguards and carry out cyber investigations

Experience on Business Continuity & DR Policies, Procedures and Plan. Experience on verification of Backup & Restoration procedure, evidence verification, BIA and its analysis, BCP/DR Test and Result.

Conversant on sharing Information Security Mailers and and conducting internal Trainings

Knowledge on Cloud based Infrastructure & privacy Requirements

Willingness to Travel