Niyo Solutions

PROFILE : ISM / Information Security Manager.

Niyo Information Security function looking for a candidate who can manage Information Security operations in order to maintain and improve Information Security practices, governance and control desired from the role.

Area Of Responsibilities :

- Provide support to GRC team with artefacts / evidence collection required by them during ISMS, Internal and External Audits.

- Facilitate support and coordination required during any audit activities.

- Track compliance & Reviews of periodic ISMS activities such as Disaster Recovery related drill, Backup & Restoration, Change Management, IP Whitelisting/ACL, Access and Roles Reviews, IS Signoff for new development and features etc.

- Control adoption of ISMS / Information Security Policy across all department and function.

- Track effectiveness of Information Security department specific KPIs.

- To ensure current technology architecture for vulnerabilities, weaknesses and for possible upgrades or improvement done on time.

- Oversee technological upgrades, improvements and major changes to the information security environment.

- Perform periodic review of Change Management, Rules and Configuration.

- Review control compliance required before Information Security Sign-off.

- Review of Information Security events monitoring and Incidents.

- Periodic review of Information Security related supplier for its SLAs.

- Review Information Security Effectiveness measurement metrics across department and function as per documented procedure and associated templates.

- Manage Information security awareness related training to organization personnel.

- Provide Information Security training for new onboarding.

- Manage Information Security specific subscription / license and certification and periodically review Information Security related spending to align with the Budget cap.

- Manage and Control issuance of Digital Certificates and Encryption Keys.

- Serve as a focal point of contact for the information security team and the Vendor/Partner or organization.

- Communicate information security goals and new programs effectively with other department managers within the organization.

- Evaluate and assess any platform or solution required within Information Security function and ensure effective deployments and its efficient use.

- Periodically undertake the Incident Response simulation / table-top exercise and drill to test its effectiveness.

- Create and publish reports, dashboards, metrics for Information Security operations and presentation to Department Head / Management.

- Providing Department Head / Management oversight with a realistic overview of risks and threats in the technology environment.

- Manage the process improvement within the Information Security function.

- Identify, assess, and resolve complex issues within own area of responsibility.

Desired Skills :

- 4 years of experience in Information Security relation operations.

- At-least 2 Years of ISO 27001 certifications.

- Completed CISSP training or certifications.

- Proven track record in risk management, preferably in the audit or compliance activities, technology, or other pertinent control functions.

- Proficient in architectural design principles, cyber threat assessments, and the software development life cycle.

- Type of Security Assessment necessary for Application, Server, Firewall, Cloud and other IT Infrastructure related resources.

- Proficient with firewalls, endpoint security, mobility management, and vulnerability scanning.

- Demonstrated expertise in the management of technology and application risks and controls.

- Understanding of Information security standards, guidelines and controls such as CIS, OWASP, NIST, ISMS etc.

- Demonstrated aptitude for analysis and problem-solving.

- Strong organizational skills and the capacity to multitask successfully.

- Familiar with security best practices in IaaS/PaaS services such as AWS, Azure and Google Cloud.

- Familiar with MITRE ATT&CK framework.

- Familiarity with Cloud environment such as AWS, GCP, Azure.

- Deep understanding of Threat hunting, OSINT, DarkWeb analysis and compromise assessment.

- Good understanding of Client/Server Architecture, TCP/IP Model and Network Topology.

- Familiar with OSI Model and associated layer / data units such as network layer and its data units involving Packet, Fragment, Frame, Datagram, and Segment.

- Familiar with multiple Operating System platforms such as Windows, Linux and Unix.

- Familiar with popular commercials / open source tools and techniques used by hackers.

- Familiar with Information Security tools and solutions, category such as SIEM, Vulnerability Scanner, Web Scanner, Mobile App Security Audit, Cloud Security Audit etc.

- Familiar with different Technology stack such as ELK (Elasticsearch, Logstash, Kibana), Server Less, Lambda etc.

- Knowledge of Security testing methodology, and other international industry recognised standards and guidelines including CIS controls in depth.

- Demonstrate strong understanding of Open Source technologies, framework, tools and trends.

- Up-to-date on general cyber security risks and threat landscape / Cyber Security Community engagement.

- Aware of general cyber security practices needed by computer and internet user.

- Strong written and verbal communication skills expected ability to communicate security and risk-related scenarios to both technical and non-technical stakeholders.

- Strong knowledge of Word, Excel and PowerPoint for professional documentations.

Eligibility :

- BCA / BSC / B Tech (CS/IT) / BE (CS/IT) / Diploma holder (IT / Computer / Network).

- Work Experience : 6- 10 Years of total work experience.

- Minimum 4 Years experience in Information Security operation related roles.

- Preferred Certifications CISSP, CRISC, CISA, CISM, CCSP and ISO 27001.