- Professional
- Office in Pune
Career Opportunities: Information Security Officer (9900)
Requisition ID 9900 - Posted
Essential Responsibilities include (but are not limited to):
- Help to plan and carry out the organization’s information security strategy. Prepare and execute actions based on an ISMS calendar.
- Develop a set of security standards, policies and best practices for the organization.
- Regularly monitor computer networks and systems for security issues, breaches, or intrusions.
- Conduct regular monitoring and review of the information security in engineering projects and all functions/departments.
- Responsible for vulnerability & risk assessment of all information assets.
- Work with the IT & security team to perform tests and uncover network vulnerabilities.
- Fix detected vulnerabilities to maintain a high-security standard.
- Develop company-wide best practices for IT security.
- Perform penetration testing to find any information security weaknesses in the systems.
- Support IT team to install security measures and software to protect systems and information infrastructure, including firewalls and data encryption programs, results/logs of mobile code, malicious code, and anti-virus software, to notify any intrusions, and scan for irregular system behaviour.
- Support IT team to install required end-point security products and procedures on employees’ computers, projects’ & departments’ systems.
- Develop strategies to respond to and recover from any security breach.
- Investigate security breaches and other cybersecurity incidents and assess the extent of damage.
- Document security breaches and assess the damage they cause. Initiate incident response actions to minimize the impact.
- Stay up to date on information technology security trends, news, best practices and relevant security standards.
- Keep a watch on published and identified infosec threats and mitigations across the industry.
- Research security enhancements and make recommendations to management.
- Ensure required mitigation and preventive actions are taken to protect the company's information assets.
- Conduct periodic trainings, sessions and activities to increase employee awareness about maintaining information security.
- Increase the pool of internal auditors by identifying employees and training them as internal auditors.
- Conduct and participate in meetings of the various groups and forums such as EDRT, IRT, ISMF, etc.
- Review company contracts (MSA & NDA documents) with customers, vendors, contractors and other entities from an information security coverage perspective.
- Review and maintain the AIC and RART data of all departments and engineering project groups.
- Ensure regular fire and evacuation drills are conducted to train the employees for actions during an emergency.
- Conduct call tree checks and scenario-based tabletop exercises for reviewing preparedness for BCP / DR actions.
- Conduct periodic internal ISMS audits to review the effectiveness of information security in the organization.
- Consolidate and assess the results of all internal audits. Closure of non-conformities and required actions to strengthen the information security implementation of the organization.
- Liaise with, plan for and proactively support the external auditors from the ISMS certifying body in conducting the ISO 27001 surveillance and re-certification audits.
- Respond to customer's ISMS questionnaires in a timely and effective manner.
- Support the customer's ISMS auditors for conducting audits (if required).
- Ensure timely verification and closure of all audit findings (internal & external).
- Prepare reports of ISO activities and audit findings to inform the leadership team on a quarterly basis.
- Initiate the Management Review meetings and present the status of information security to the leadership team to seek inputs and make recommendations for improvement.
- Maintain effectiveness of the ISMS with continual improvements.
Candidate must possess:
- Candidate should be based out of Pune location
- Bachelor's degree in computer science or related field
- Strong knowledge of ISO 27001 standard and prior experience with ISO 27001
- Strong knowledge of Cybersecurity, information security
- Knowledge of risk assessment tools, technologies, and methods. Strong understanding of endpoint security solutions
- Knowledge of disaster recovery, system and network security scanning tools, technologies, and methods
- Understanding of firewalls, proxies, SIEM, DLP, antivirus, content filtering and IDPS concepts
- Understanding of patch management with the ability to deploy patches in a timely manner while understanding business impact
- Experience planning and developing security policies, standards, and procedures.
- Ability to communicate and handle security incidents.
- Good experience in planning and conducting ISMS internal audits
- Experience in liaising with external auditors from certifying bodies
- Ability to conduct trainings on information security
- A team player who is able to technically guide the team and also work independently as an individual contributor