We are looking for an Information Security Engineer to work under the supervision of CTO, assist in the development, identification, implementation, and maintenance of organization & clients’ information security policies and procedures in coordination with organization management.
About Us:
1. Founded in 1996, GCS Information Technology Services, Inc. is a leading provider of helpdesk, desktop, managed network support, managed hosting, data backup, disaster recovery, business continuity support and services? We provide Secure, Innovative, Efficient IT Solutions.
2. Our mission is to make technology work for our clients, whether that means implementing an onsite helpdesk, providing break/fix services, hosting complex applications, conducting network security audits on regular intervals, ensuring disaster recovery plans are in place and/or resolving problems with servers.
3. GCS helps companies realize the full value of information technology from anywhere at any time.
Tasks:
Cybersecurity Audit:
1. Developing security policies and procedures based on industry standards, government regulations, and best practices (such as NIST, SANS, ISO 27001, PCI-DSS, SOC 1-2)
2. Implementing security measures such as firewalls, encryption technology, and data backups to protect against unauthorized access to data
3. Monitoring security systems to ensure that they are functioning properly
4. Managing risk by assessing vulnerability of systems to cyber-attacks or other security breaches
5. Developing security awareness training programs for employees on topics such as social engineering, phishing scams, malware infections, and data loss prevention methods
6. Working with external security auditors to make sure that security measures are adequate
7. Responding to security incidents such as data breaches or cyber-attacks by identifying their cause and taking corrective action to prevent them from happening again in the future
8. Performing security assessments on hardware and software applications to identify any vulnerabilities that could be exploited by hackers or malicious insiders
9. Creating and maintaining a Disaster Recovery Plan (DRP) to ensure that business operations can be restored after a disaster such as a fire or flood
10. Verification and validation of the audit checklists as per the developed framework, knowledge of baseline security controls
11. Understands the frameworks and recommends applicable controls specific to the environment and systems
12. Develop Audit reports for clients’ environment
13. Identify the gaps and coordinate with the stakeholders for closure of gaps
14. Experience in planning audit and assessment activities
15. Perform cybersecurity criticality assessment of the systems
16. Recommend mitigation actions as per the assessment
17. Experience of penetration in a control systems environment
Skills and Qualifications
1. Bachelor's Degree in Information Technology or related technical field.
2. The candidate should have a minimum of 2+ years of either Information Security Risk or Cyber Security Risk experience.
3. 1+ years in cloud-based environments (Microsoft 365, AWS, GCP, Azure, etc.)
4. Must have experience in working on data security awareness programs and conducting data security policies enforcement training.
5. Sound working knowledge of industry best practices (NIST, ISO, SANS, COBIT, CERT) and Legislative and Regulatory and Industry Compliance Requirements (PCI-DSS etc.).
6. Must have exceptional written, verbal, and presentation communication skills.
7. Ability to translate business requirements into control objectives.
pGreat Sys/p