Information Security and Compliance auditor

JD: Information Security and Compliance auditor

What We're Looking For
We are seeking a skilled and dedicated Information Security and Compliance auditor to join our team. As an Information Security Specialist, you will play a crucial role in safeguarding our digital infrastructure and ensuring compliance with industry standards and regulations. You will be responsible for implementing and maintaining security measures, conducting risk assessments, and responding to security incidents. The ideal candidate will have a strong technical background in cybersecurity, excellent problem-solving skills, and a proactive approach to identifying and mitigating security risks.
Basic Qualification:
• 5+ years of experience in InfoSec
• Excellent analytical and problem-solving skills with the ability to prioritize and manage multiple tasks effectively.
• Experience in creating security policies for vulnerability management, NextGen AV, IDS/IPS, endpoint protection solutions, and SIEM security applications.
• Experience in conducting regular security assessments and audits to identify vulnerabilities and risks.
• Experience in monitoring network traffic for suspicious activity and respond to security incidents in a timely manner.
• Automating various activities using Python programming language
• Strong understanding of network security principles, protocols, and technologies.
• Strong communication and interpersonal skills with the ability to collaborate effectively with cross-functional teams.

• Good knowledge of system security and cloud security (AWS/Azure)
• Good knowledge of system and web application (OWASP) vulnerabilities
• Ability to handle multiple tasks and conflicting priorities.

Role & Responsibilities:

• Vulnerability Management: Conduct regular vulnerability assessments to identify security weaknesses in the organization's systems and applications. Develop and implement remediation plans to address identified vulnerabilities and ensure compliance with security best practices.
• Security Policy and Compliance: Develop, implement, and update security policies, standards, and procedures to ensure compliance with regulatory requirements and industry best practices. Collaborate with cross-functional teams to implement security best practices and ensure compliance with regulatory requirements (e.g., SOC-2, HIPAA, HITRUST).
  
• Security Tool Management: Manage and maintain security tools such as Firewall, NextGen AV, DLP Solution, endpoint security solutions, Microsoft 365, and other security technologies to ensure optimal performance and effectiveness.
• Security Monitoring and Incident Response: Monitor security alerts and events using SIEM and other security monitoring tools. Investigate and respond to security incidents in a timely manner, including analysis of security logs, identification of root causes, and implementation of corrective actions to mitigate risks.
• Incident Reporting and Documentation: Prepare detailed incident reports documenting security incidents, response activities, and lessons learned. Communicate findings to relevant stakeholders, including management and IT teams, and provide recommendations for improving security posture.
• Threat Intelligence and Research: Stay informed about the latest cybersecurity threats, vulnerabilities, and attack techniques. Conduct threat intelligence research to identify emerging threats and trends, and proactively implement measures to defend against potential security risks.
• Information Security Strategy: Develop and implement an information security strategy aligned with industry best practices and regulatory requirements for the survey and insurance sectors.
• Security Policies and Procedures: Develop and enforce information security policies, standards, and procedures to ensure compliance with relevant regulations and industry standards.
• Security Awareness Training: Develop and deliver security awareness training programs to educate employees about information security best practices and their roles and responsibilities in maintaining security.
• Security Compliance: Ensure compliance with relevant regulations, such as GDPR, HIPAA, and PCI-DSS, put in place the procedures and practices towards this, and regular monitoring to ensure compliance.
• Security Audits and Assessments: Coordinate and participate in security audits, assessments, and certifications, including HIPAA, SOC 2, and PCI-DSS.
• Security Incident Response: Lead and coordinate the response to security incidents and breaches, including investigation, containment, eradication, and recovery efforts