IT Security Manager

Company Name: Navigant BPM (India) Private Limited, 

Closing on:  10/10/2018

Contact email : anoop.krishnan@navigantbpm.com

Brief description :

• Manage internal compliance review process and risk assessment. Provide continuous reviews of operational processes to validate they align with compliance goals. Document identified compliance issues and track remediation efforts.
• Perform network and web application ethical hacking assessments on the infrastructure and application systems. This involves performing penetration testing or vulnerability assessments of web applications, networks, wireless implementations firewalls and other endpoints or services.
• Recommend appropriate remedial actions to mitigate risks and ensure information systems employ appropriate level of information security controls
• Coordinate with IT Leadership and IT teams to remediate identified issues. 
• Validate remedial actions and ensure compliance with information security policy and regulatory requirements
• Interact with employees to receive requests, triage, troubleshoot and resolve security issues
• Write and maintain documentation related to security design, implementation and practices
• Provide security training where needed
• Strong knowledge of information security principles, standards, practices and technologies for various applications and operating systems including mobile operating systems.
• Demonstrated experience with network and IT security components, including firewalls, intrusion detection systems, anti-malware software, data encryption, VPN’s, vulnerability scanners, server operating systems, and other industry-standard techniques and practices.
• Demonstrated expertise with security assessment processes, vulnerability assessment & penetration testing techniques and tools.
• Knowledge and understanding of security standards and regulations such as ISO 27001:2013, NIST, etc.
• Knowledge of regulatory requirements of PCI, HIPAA, SOX, etc.
• Strong knowledge of common web and mobile application vulnerabilities, such as the OWASP top 10 for web and mobile.
• Ability to research and analyze data and problems, develop appropriate solutions and concisely and clearly communicate to stakeholders.
• Experience in generate customized testing scripts in common languages such as python, ruby, pearl, bash, etc.
• Remain current and relevant with knowledge and techniques in the security and compliance space. Use this knowledge to review and continuously improve the existing security process.
• Experience, Certifications & Education
• Engineering/Science graduate/post-graduate with 10-12 years of relevant experience in IT Security operations and IT Compliance
• Should have handled team size of 10-15 having Engineers, Seniors, TLs.
• Experience in implementing IT security standards like ISO 27001:2013.
• Security certifications like CEH, ECSA, CISSP, CISA, CISM, etc. Any one of these certifications is mandatory.
• Experience with Security Event and Information Management, Data Management, Data Loss Prevention, Vulnerability tools
• Strong conceptual understanding of Information Security, Desktop Computing, Patch Management, Vulnerability Management, Microsoft Applications, Database design
• Experience with identifying risks to the computing environment and working with IT teams to remediate
• Professional demeanor and strong customer service skills
• Ability to ensure confidentiality and integrity of work performed
• Must be able to communicate complex technical details to technical and non-technical staff, both oral and written
• Excellent troubleshooting and problem solving skills
• Must be able to prioritize tasks and effectively multitask
• Practical scripting experience (enscript, regular expressions, grep )
• Ability to work independently and as part of a team
• Personal Attributes
• Excellent communication skills, with strong verbal and writing proficiencies.
• Ability to positively influence and persuade individuals of varying levels.
• A proactive customer centric approach.
• Strong work ethic with commitment and time management skills.
• Ability to exercise judgement within procedures and practices to determine appropriate action
• Ability to manage and prioritize multiple work requirements to meet deadlines
• Ability to work independently and in a team environment.
• Good planning, commitment and time-keeping skills
• Excellent Planning, Reasoning, Analytical and problem solving skills
• Prior experience in working as part of a MNC with diverse and geographically dispersed team.
• Excellent learning skills .

Key Tools in which working knowledge is preferred

1)    Sumo Logic
2)    Symantec Data Loss Prevention
3)    Symantec/ Elasctica Cloud Access Security Broker
4)    PaloAlto firewall
5)    Cisco ACS Reporting
6)    Dell Secure works Intrusion Detection
7)    Rapid7 Nexpose vulnerability scanner
8)    Nessus/Tenable IO Vulnerability Scanner
9)    Crowdstrike
10) Tripwire
11) Proofpoint
12) IBM QRadar
13) Intune – MDM
14) 5thColumn
Preferred skills