Information Security Compliance Specialist, AS

Role Description

The Information Security Compliance and governance position is responsible for

• Governing and managing the compliance team's key activities like MS patching, desktop applications, information security control enforcement, cybersecurity awareness and reporting
• Carry out application threat modelling and applications risk identification & remediation
• Track all audit schedules and ensure closure of all security gaps
• Perform security and compliance assessments on new and existing end user devices, processes, technology.
• Good to know- VM, Antimalware experience, sec ops experience, Privilege management

Your key responsibilities

• Perform security and compliance assessments on new and existing systems, processes, technology.
• Maintain application inventory and perform business impact analysis for applications
• Experience in manual verification of false positives reported by automated tool
• Responsible for understanding, reviewing, and interpreting vulnerability assessment scanning results
• Track SLAs and document deliverables for the vulnerability assessment program
• Analyze threat information gathered from security sources.
• Devise and enforce standards and best practices in line with international standards and industry best practice
• Identify security solutions as per business needs
• Track all audit schedules and ensure closure of all security gaps
• Support internal and external audit process for relevant compliance concerns
• Co-ordinate for Risk Assessment of IT systems and Third Party workload
• Broad understanding of all information security disciplines with emphasis on vulnerability management, data protection, infrastructure security, application security
• Work with various business units to ensure controls are adequate, appropriate, and effective.
• Interface with global IT and business partners to provide guidance and support.
• Perform periodic gap assessments to validate compliance on an ongoing basis.
• Stay up to date and informed on developing regulatory concerns and changing IT and information security trends.

Your skills and experience

• Automation skills using SQL /Power Automate
• Understanding of Microsoft SCCM tool and MS patch management process
• Operational understanding of Intune and Azure security
• Sound knowledge on Windows and MAC OS, Application behavior
• Experience in preparing HLD or LLD
• Knowledge on MDM and MAM is preferrable
• Good to have knowledge on application packaging and application virtualization
• Knowledge of any of the controls framework like ISO 27001:2022, NIST or COBIT
• Able to cope well under pressure and meet deadlines
• Eye for detail and willingness to question current state practices
• Independent, self-motivated and a team player.
• Ability to apply regulatory guidance to review process in absence of written policy
• Excellent verbal and written communication skills
• Strong time management, organizational, planning and follow-up skills; ability to multi-task effectively
• Strong analytical and problem-solving skills.
• Strong interpersonal skills; ability to partner with internal partners and leverage internal resources
• Strong capacity to assimilate other stakeholders perspectives and fast learning abilities
• Proficient in MS Office applications

Experience

• At least 7 years of progressive experience in IT with 5 years dedicated exposure in Information Security
• Technical background with hands-on experience across a variety of technologies
• Effective communication skills to be able to manage relationships with clients virtually
• Experience of working in a highly-matrixed environment, and accustomed to bridging the gap between disparate organizations and cultures.
• Proven ability to prioritize competing demands.