Job Title: Senior Consultant Information Security - IT
Job Purpose: Acting in a key technical management & execution capacity to
provide a conduit between IT teams and key business stakeholders thereby
ensuring information technology needs are managed consistently, following
professional IT and global standards, and delivered with a high quality and
customer satisfaction.
Reward level: Middle Management
Job Location: Gurgaon
Experience: 7 years
Relevant Experience: 7 years
Reporting to: General Manager
Qualification: Bachelor's degree in IT and relevant Information Security
Certifications
Key Deliverables:
• Provide support as Lead Implementer for ISMS and PIMS policies,
procedures, and guidelines, and ensure they are regularly reviewed and updated.
• Gather evidence of continuous compliance with ISO 27001:2022, ISO
27701:2019, DPDPA, the IT Act and CERT-In regulations, including audit logs,
records of reviews and timely closure of open audit findings and risks, and share
the report with management.
• Conduct regular, documented information security and privacy risk
assessments on Security Tools and Technologies by identifying assets,
threats, vulnerabilities, likelihood, and impact.
• Prioritize identified vulnerabilities and provide detailed findings, remediation
recommendations, and trending reports on vulnerability posture, working towards
closure with stakeholders.
• Implement a comprehensive, ongoing security project plan for
remediation of open audit gaps.
• Prepare regular reports on overall information security posture, GRC maturity,
and risk landscape for relevant stakeholders.
• Perform Root Cause Analysis and capture lessons learned from information security
incidents, actively participate in audits, and support internal IT staff in performing
technical assessments and controls with evidence.
Key Relationships:
• Internal IT and business customers in MSR.
• Global/Local IT Vendor, market and global (HQ) colleagues
• Internal staff - direct reports (where applicable)
• IT vendors, contractors (where applicable)
Knowledge Skills and Abilities:
• Must have ISO 27001 Lead Implementer and ISO 27701 Lead Implementer
certifications.
• In-depth understanding of the IT Act, DPDPA, CERT-In regulations and CIS Controls,
as well as UK DPA and ISO 31000.
• Good to have: CISM (Certified Information Security Manager),
CISSP (Certified Information Systems Security Professional) and Cloud Security
certifications (e.g., CCSK, CCSP, vendor-specific like AWS Security Specialty).
• Familiarity with common vulnerability scanning tools like Qualys (features,
reporting, agent-based vs. network scans) and Cloud Security Posture
Management (CSPM) tools like Wiz (cloud service provider configurations,
misconfigurations, compliance checks in AWS, Azure, GCP).
• Conduct and lead IT DR drills and Tabletop exercises with internal IT teams.
• Hands-on knowledge of common security technologies (e.g., firewalls, EDR,
Cloud Security, VAPT tools, SIEM, WAF, DLP, PAM, BAS, encryption, etc.).
• Ability to handle and manage Endpoint, Perimeter, Cloud and Data Security
technical consoles, including configuration and fine-tuning of policies.
• Understanding of various penetration testing types (e.g., network, web
application, API, mobile, cloud) and methodologies.
• Knowledge of common attack vectors and exploitation techniques, and of frameworks
like MITRE ATT&CK and D3FEND and the NIST Cybersecurity Framework.
• Excellent technical writing skills for creating clear, concise, and comprehensive
security policies, standards, and procedures.
• Ability to analyse complex risk data and present actionable insights.
• Proficiency with GRC platforms or tools for managing policies, risks, and controls.
• Exceptional verbal and written communication skills to articulate complex security
concepts to technical and non-technical stakeholders.
• Strong technical skills to diagnose security issues, identify root causes, and
develop effective solutions.
• Ability to develop and deliver engaging security training sessions and awareness
campaigns to internal IT staff.
• Ability to stay updated with the latest security threats, vulnerabilities,
technologies, and regulatory changes.
Mail updated resume with salary details:
email: etalenthire@ gmail.com
satish- 88O2749743
Job Type: Full-time
Pay: ₹1,200,022.66 - ₹1,865,134.32 per year
Ability to commute/relocate:
Gurgaon, Haryana: Reliably commute or planning to relocate before starting work (Preferred)
Application Question(s):
Do you have the ISO 27001 Lead Implementer certification?
Current CTC?
Expected CTC?
Notice period?
Current location?
Would you be comfortable with the job location (Gurgaon)?
Experience:
Information security: 6 years (Preferred)
Work Location: In person