Unit Head

Description:

𝗤𝘂𝗮𝗹𝗶𝗳𝗶𝗰𝗮𝘁𝗶𝗼𝗻

• BA/BS in Computer Science, Information Security, Information Systems, Engineering or related work experience
• Certifications: Information Security and risk management certification (e.g. ISACA/CRISC, ISC2 CISSP, CRISC, ISO, OSCP) is desirable but not a must

𝗘𝘅𝗽𝗲𝗿𝗶𝗲𝗻𝗰𝗲

• Minimum 5 years of experience in Information Technology or Risk Management.
• Project management skills are nice to have as the activities involve coordination with internal stakeholders and the vendors

𝗝𝗼𝗯 𝗥𝗼𝗹𝗲

• Strong Knowledge of IT Risk Management Process (ISO 27005, NIST etc.)
• Maintain Risk Register
• The candidate is expected to perform complex risk assessments of information system
• Ability to come up with risk metrics, to enhance our existing procedures is highly desired.
• Performs regularly scheduled security assessment, vulnerability scans and determine corrective actions.
• Ability to assess controls with respect to cloud applications as well as organization-wide controls
• Demonstrable understanding of the concepts of technology controls and information security controls
• The resource should be able to effectively communicate with cross-functional teams and external vendors, both written and oral communication is critical
• The candidate is required to act as a “Go to” person for rest of the team.
• Execute Vulnerability Assessment / Penetration Testing of systems/networks and identifies where those systems/networks deviate from acceptable configurations or policy.

𝗗𝗲𝘀𝗶𝗿𝗲𝗱 𝗦𝗸𝗶𝗹𝗹𝘀

• Experience of Static and Dynamic Web Application Testing & source-code review of the application
• Having good knowledge of compliance with industry standards such as PCI-DSS, ISO 27000 etc.
• Experience supporting the implementation of detective, preventative, and corrective security controls to embed the organization’s security frameworks, policies, standards, and procedures effectively (ISO, NIST, PCI etc).