Purpose of the Job:
To performs & analyze all procedures necessary to ensure the safety of information systems and to protect systems from intentional or inadvertent access or destruction under the limits of ISO 27001, ISO 27005, ISO 27017 and organizational SOPs.
Functions & Responsibilities (duties to be performed by this position)
Information Security Management and Operations
- To Identify and analyze risks related to information security, update risk register in order to evaluate risk levels.
- To prepare risk treatment plan as per the procedure, implement the approved treatment plan in order to reduce the risk to an acceptable level.
- To monitor the information security controls in order to ensure compliance as per the policies and procedures of the organization.
- To report the information security incidents, identify the root cause analysis, suggest corrective and preventive action plan, implement the approved treatment plan in order to minimize the impact on business services and prevent future occurrence of the same incident.
- To Implement, monitor and suggest the improvements in information security management in order to ensure compliance as per the service management standard.
- To prepare and maintain policies & procedures as per standard requirements and as per management directions, enforce policies and procedures in the company through compliance reviews in order to maintain & implement IS standards in the company.
- To Manage & provide technical support for Symantec end point protection including application & database security, backup & recovery, patches and upgrades and resolving all other problems related to AV in order to ensure smooth service delivery.
- To take regular backups of the tools, Data under the ownership of IS Team in order to ensure business/service continuity in case of incident/disaster
- To resolve issues received through OTRS with respect to ERP role based security and Symantec and plus connectivity issues (level-2 support) in order to keep the services uninterrupted for internal clients.
- Create & assign security roles to the employees as per the requirement initiated by the approved authority in order to implement role based security in ERP for segregation of the duties as per the company procedures.
- Troubleshoot all ERP security related issues faced by the end users and resolve tickets as per the agreed OLA in order to ensure smooth operations of ERP.
- Enable and disable user accounts on joining and exits in order ensure access rights management as per the policy.
- To grant access of different privileges on several production systems to a user depending on the department requirements.
- To review the roles assigned to the employees in order to monitor and verify access rights management as per the policy
- To coordinate & prepare external audit for third party audit, develop action items as per external audit report for the remediation of Non-Compliance in order ensure compliance with standards.
- To prepare internal audit plan and discuss with supervisor, intimate relevant stakeholders, conduct internal audit, prepare audit report, develop action items/recommendation in order to prepare internal systems for external audit
Proof of Concept
- To conduct Proof of concept environment, deploy the product/process, give demos to client and coordinate with vendors in order to ensure deployment as per company and client requirements.
- To prepare and conduct information security awareness training session in order to ensure employees awareness regarding Information Security
- Any other task assigned by Supervisor.
Required Skills and Knowledge Areas:
- Information Security Management
- Information Security Operations
- Information Security Standards
- Documentation & Reporting
- Penetration Testing
- Disaster Recovery
- Risk Management
- ISO 27001
- ISO 27005
- ISO 27017
- SOC tools
- Nessus or similar tools
- ERP Security
- MS Office
- Stress Management
- Time Management
- Communication Skills
- Client Management
- Counseling Skills
- Decision Making