About Company: The company is a top-notch IT security firm with a reputation for innovation and vision. They specialize in helping businesses worldwide protect their applications and networks using advanced scanning techniques and in-depth expertise. Based in India, the company has a team of over 150 employees working in various locations nationwide.
Required Skills & Competencies:
- Knowledge of technical information and cybersecurity solutions, including IDS/IPS, firewalls, routers, antivirus, and privileged identity management solutions.
- Strong technical expertise in operating systems, network security, and database security across Windows and non-Windows platforms.
- Hands-on auditing experience is an advantage.
- Familiarity with configuration hardening requirements/benchmarks like CIS and SANS. Knowledge of risk management, change management, and incident management.
- Proficiency in log analysis and tools/technologies such as SIEM and managed detection and response systems.
- Experience in manual and automatic incident response mechanisms.
- Knowledge of ISO standards for Information Security (ISO 27001) and Business Continuity Management (ISO 22301).
- Lead Implementer certification for ISO 27001:2022.
Preferred Certifications:
- ISO 27001:2022 Internal Auditor/Lead Auditor Certification.
- PCI DSS and PA DSS Implementation Certification.
- Cybersecurity certifications in incident response or forensic analysis.
Tasks & Responsibilities: The Compliance Manager will be part of the Information and Cyber Security Team, coordinating with IT and other departments.
Key responsibilities include:
- Conducting internal/external audits of implemented information and cybersecurity controls, and business processes against standards such as ISMS (ISO 27001, ISO 22301), PCI DSS, and PA DSS.
- Drafting and submitting reports, including presentations with risk-based scoring. Preparing the team for external ISO and IS audits and reviewing documentation.
- Participating in and contributing to external ISO and IS audits.
- Tracking and following up on audit and assessment findings until closure.
- Maintaining and updating documentation to align with evolving environments and scenarios.
- Supporting other initiatives and activities within the information and cybersecurity program.
- Coordinating with client teams and internal teams to ensure the closure of action points.
- Reporting monthly activities and dashboards to the IT Head/CIO of client teams.