eSec Forte Technologies - Consultant/Senior Consultant - Information Security (2-5 yrs)

Key Responsibilities:

- Perform comprehensive information security audits and assessments based on compliance obligations, regulatory controls, and industry best practices.

- Identify vulnerabilities and gaps in the security posture and recommend improvements.

- Ensure all assigned engagements adhere to ISO 27001 standards, internal control principles, and related regulatory frameworks.

- Work to meet the contractual requirements set by clients and ensure full compliance with data protection regulations (e.g., GDPR, HIPAA, etc.

- Ensuring only authorized individuals have access to information and systems.

- Verifying plans for recovery in case of system failure.

- Assessing the security of daily operations and procedures.

- Ensuring all assets (both physical and digital) are properly inventoried, protected, and managed.

- Ensuring that technical and software controls are secure and functioning.

- Perform periodic physical security audits to ensure facilities are compliant with organizational standards and external regulations.

- Ensure overall physical security measures are in place to safeguard organizational assets.

- Conduct regular assessments of end-user security practices, ensuring compliance with internal security policies.

- Provide training and awareness programs to ensure end-users adhere to best security practices.

- Test the effectiveness of security controls in a live environment, such as performing penetration tests, vulnerability scans, and evaluating access management systems.

- Report findings, document risks, and work with relevant teams to implement corrective actions.

- Maintain clear and accurate documentation of assessments, audits, compliance reports, and remediation efforts.

- Create and present detailed reports on security vulnerabilities, risks, and corrective actions to senior management.

- 2-5 years of experience working in Information Security, particularly focused on compliance, risk management, and audits.

- Hands-on experience with security frameworks like ISO 27001, NIST, PCI-DSS, GDPR, etc.

- Familiarity with security tools and software (e.g., vulnerability scanners, SIEM tools).

- Strong knowledge of network security, data protection, risk management, and business continuity planning.

- Experience with security testing tools for assessing the effectiveness of controls.

- Excellent communication skills to document and report security findings and compliance gaps.

- Ability to work independently and as part of a team.

- Strong problem-solving skills and attention to detail.