Analyst III Information Security

Year    Thiruvananthapuram, Kerala, India

Job Description


Role Proficiency:

With strong knowledge and competence, independently carry out the assigned tasks with minimal support from the supervisors. Handle the internal audits to ensure the compliance requirements of various applicable standards, and more independently handle VAPT/Red Teaming assignments and be involved in customer discussions to identify requirements. (Minimum Supervision)

Outcomes:

  • Handle the assigned tasks from the allocated domain with minimal guidance from the leads. (Domain Examples: BCMS, Risk assessment, Incident management, HITRUST, SOC, Customer Assurance, Awareness activities, Data Privacy, VAPT, Red Teaming, etc.)
  • Should independently handle internal audits (with minimal support from the leads) to ensure compliance with ISO 27001/ISO 22301/ISO 27701 requirements as well as process-specific requirements.
  • Responsible for the effective documentation of internal audits (reports) with accurate mapping to control points.
  • Point out the non-conforming areas and suggest measures to improve the information security posture.
  • Understand IT Controls implementation and conduct Risk Assessment.
  • Be involved with the leads in customer discussions to clearly identify/document the requirement.
  • Perform Security Assessment scoping independently based on security standards like OWASP.
  • Perform Web Application Penetration Testing, Network Penetration Testing, Mobile Penetration Testing and Code Review independently based on the guidance from leads.
  • Learn and understand existing and emerging security practices with minimal guidance from the leads.
  • Mentor A1 and A2 band employees.
  • Independently handle preparatory sessions and evidence collections from all applicable teams as part of any external audits.
  • Independently contribute to infosec awareness activities.
  • Contribute to establishing a tracking and reporting strategy.

Measures of Outcomes:

  • Number of internal audits conducted or security assessments been a part of.
  • Number of Areas of responsibility on cross domains
  • Number of NCs in external audits
  • Less than two stakeholder escalations
  • More than two appreciations from the stakeholders

Outputs Expected:

Documentation:

  • Policy and Procedure amendments
  • Awareness training materials
  • Presentation decks for internal/external discussions
  • Audit/Security Assessment reports

Process:

  • Internal ISMS audits - independently carry out audits, prepare audit reports and ensure timely closure of audit reports
  • Compliance Audits - representation in certification audits, conduct preparatory sessions and evidence collection
  • Infosec activities - training material, conducting sessions, co-ordinate with other teams for trainings conducting
  • Customer Assurance - assist in customer assurance requirements and evidence collection
  • Vulnerability Assessment and Penetration Testing/Red Teaming Activities
  • CM activities
  • Assisting the leads in executing other location responsibilities.

Monitoring:

  • Mentoring and monitoring the responsibilities of A1 and A2 band employees

Training or certifications:

  • 3 per year (1 certification and minimum 2 of UST training related to Information/Cyber Security domains)

Skill Examples:

  • Ability to understand, prioritize and escalate tasks to resolve issues quickly and make decisions.
  • Strong compliance auditing knowledge.
  • Ability to interpret all scenarios applicable to the business for identifying the potential risks associated with various functions/services.
  • Proficiency in Network Security Controls' implementation like IAM, IPS/IDS, E-Mail Security Controls, Cloud Security Controls, etc.
  • Detail oriented, customer oriented, result delivery oriented, analytical thinking
  • Strong Excel and Dashboard skills.
  • Excellent presentation and communication skills
  • Excellent verbal and written communication skills required, including the ability to effectively communicate in both highly technical and non-technical environments
  • A great problem solver with the knack of coaching others to do the same
  • Good at working in a team and with other teams
  • Good time management
  • A desire for continuous learning and skill development.
  • Self-motivated and enthusiastic

Knowledge Examples:

  • Should have a strong understanding of concepts of Information Security, Business Continuity, Data Privacy, VAPT, Red Teaming and various compliance standards.
  • Knowledge on ISO and other Compliance standards sufficient to evaluate the security controls.
  • Knowledge on ISO 22301/27001/9001/27701, Risk Management, incident management, awareness activities, customer assurance, etc.
  • Knowledge on standard SDLC and project management life cycles.
  • Knowledge on the operations of various functional units like HR, REFM, IT, Finance, etc. and units involved in IT Asset lifecycle management.
  • Expert on security testing standards like OWASP Top
  • Expert on Linux commands.
  • Expert on Scripting Languages like Shell Script, Python, etc.
  • Development and Testing knowledge would be an added advantage.
  • Hands-on experience in RSA Archer, Burp Suite, Nessus, Nmap, Postman, Genymotion, MobSF, Drozer, etc.
  • Good to have Certifications like ISO 27001/22301/9001/27701 Lead Auditor/Implementor, CEH (MASTER), ECSA, CASE, OSWP, etc.

Additional Comments:

IAM Architect IAM, Duties, and Responsibilities - A3

UST HealthProof (UST HP) Information Security is looking to expand staffing to hire an experienced Identity & Access Management (IAM) leader to oversee all aspects of IAM technology staff and solutions. The staff member will work under the direction of the InfoSec IAM Director, assisting with strategic planning, design and execution of technical solutions within UST HP.

Primary Duties

  • Develop and implement the organization's IAM strategy, policies, and standards to ensure the confidentiality, integrity, and availability of user identities and access controls.
  • Design and implement IAM solutions, including authentication, authorization, and federation mechanisms, to manage user identities and access controls across various systems and applications.
  • Provide project oversight and technical leadership to other IAM team members.
  • Collaborate with cross-functional teams to gather requirements, analyze business needs, and design IAM solutions that align with organizational goals, security policies, and regulatory requirements.
  • Conduct risk assessments and develop IAM risk mitigation strategies, including identity lifecycle management, privileged access management, and identity governance.
  • Define and document IAM architecture, including system components, data flows, integration points, and security controls.
  • Develop custom connectors, workflows, scripts, and other components to integrate IAM solutions with various systems, directories, and applications.
  • Evaluate, select, and implement IAM technologies, tools, and frameworks to meet business requirements and industry best practices.
  • Provide technical expertise and guidance on IAM best practices, technologies, and standards to stakeholders, including IT teams, business units, and external partners.
  • Monitor and analyze IAM system activities, detect and respond to security incidents, and implement security controls to mitigate risks.
  • Collaborate with application developers to implement authentication and authorization mechanisms for custom applications using IAM solutions.
  • Stay updated with the latest IAM and Cybersecurity trends and technologies and make recommendations for improvement and optimization.
  • Create and maintain documentation related to IAM architecture, design, configurations, and operational procedures.

Qualifications

  • Bachelor's degree in Computer Science, Information Technology, or a related field.
  • Minimum of 3+ years of relevant work experience in Information Technology with 2 years dedicated to working as an IAM or similar role.
  • Minimum of 3 years of dedicated experience in ForgeRock Identity Platform technologies.
  • Knowledge of privileged access management (PAM) and identity governance and administration (IGA) concepts and technologies.
  • Experience with designing and implementing IAM solutions, including IAM frameworks, protocols, and standards, such as OAuth, SAML, OpenID Connect, and LDAP.
  • Proficiency in IAM technologies and tools, such as Microsoft Active Directory, Azure AD, Okta, Ping Identity, ForgeRock, CyberArk or similar IAM solutions.
  • Familiarity with scripting and automation languages commonly used within IAM such as PowerShell, KSH, Javascript, Groovy, Python, etc.
  • Proficiency with the following operating system environments: Microsoft Windows Server and Redhat Linux ES.
  • Familiarity with APIs, web services (RESTful and SOAP), and SOA (Service Oriented Architecture).
  • Proficiency with Internet Information Server (IIS), Apache Tomcat or similar web platforms.
  • Proficiency with MS SQL Server.
  • Relevant IAM certifications, such as CISSP, CISM, or IAM-specific certifications from vendors such as Microsoft, Okta, or ForgeRock, are a plus.
  • Proficiency with release management (and DevOps) of custom software.
  • Hands-on knowledge of the following technologies: LDAP, ADAM, Active Directory, PL/SQL, REST.
  • Ability to provide strategic guidance and direction, strong judgment especially relevant in balancing long term strategic investments with near term business goal.
  • Exceptional written, verbal, and interpersonal communications skills.
  • Positive, proactive, and able to always exercise the judgment.
  • Ability to work effectively with a variety of organizations, management levels, cultures, and personality.
  • Demonstrated ability to work independently or collaboratively.


Job Detail

  • Job Id
    JD3201153
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Thiruvananthapuram, Kerala, India
  • Education
    Not mentioned
  • Experience
    Year