Job Description

JOB PURPOSE This role will be focused on security operations' delivery. Participate in establishing a program to deter, detect and mitigate risks, including establishing capability to monitor and audit information, evaluate personnel security informa

JOB PURPOSE This role will be focused on security operations' delivery. Participate in establishing a program to deter, detect and mitigate risks, including establishing capability to monitor and audit information, evaluate personnel security information, establish employee awareness, driving assurance test and supporting internal and external audits. Consult with Business to ensure balance is maintained with compliance to deliver the best security solution within the contractual, regulatory and CNX standard offering limits. Involvement in technical discussions and solutions to ensure best and the out-of-the-box ideas are disseminated to meet security with business. Responsible for driving governance around the assurance tests like the security health check of the servers, network devices, vulnerability assessment of the infrastructure, ID Validation etc. to ensure the Corporate Security Standard is established and measured as per the requirement. Require results to be achieved through direct interaction as well as influencing other internal groups or individuals. Support incidence response and investigations, as required ORG LEVEL Sr. Consultant - Career Level - 7 ACCOUNTABILITY Global accountability for : Driving and approving implementation of security tools Driving information security program in collaboration with the security technology and operations team Shaping the emerging model of the global Security practice. Support multiple sites and co-ordinate non-compliances with DPEs to ensure balance of business with compliance Ensure regulatory requirements control objectives like PCI, FFIEC, HIPAA, SSAE16 are met at the location Ensure customer compliances are met as per expectations. Understand overall risk in the environment and suggest ways to reduce to an acceptable level. Performing proactive risk assessment and ensure corrective action are taken Understand and able to interpret the contractual requirements for reviewing the business needs Approve business requirements based on risk assessment Think out of the box to meet the adhoc solution requirements from Information Security front Plan interaction and meet with Business leadership to ensure close rapport and right representation of the security deliveries AREAS OF RESPONSIBILITY Compliance to CNX Security standards Accountable for creating governance to Security Calendar Activities like TCP/IP scanning, ID Validation, Health checks, Logs review, Anti-Virus management, Patch Management, Business Continuity needs, on schedule and ensure closure of all related tasks, to ensure the security assurance of the infrastructure is as high as the acceptable industry standard and the CNX tolerance Monitor Ensure governance of IT Security processes & practices, operations' delivery and take corrective action as required. Drive CNX/Client/Internal/External and regulatory Standards (PCI, ISO 27001, SSAE16, APRA, FFIEC etc.). Identify customer requirements/contractual obligations and ensure compliance at the location Understanding of the Global Security requirements, Regulatory, cross country laws, contract interpretation and maintain security & compliance while balancing the business requirement Support new solutions as required Support new transitions of business processes as required and understand / deliver as per the contractual requirement and CNX standards Ensure compliance to internal and client requirements during transition and during ramp down Performing proactive risk assessments Analyze, make recommendation and ensure Publishing dashboards on a regular basis Provide global practice leadership by facilitating a community of likeminded practitioners to share and exchange ideas for practice growth and improvement. Contribute content and advice to the offering development process. Help shape the emerging model of the global Security practice. SKILLS & REQUIREMENTS Knowledge of Security Tools like Symantec Endpoint Protection, Nessus, IPS, Websense, SIEM, Content Filter, DLP, Anti-virus and other security perimeter and network tools Ability to handle and analyze data security incidents and correlate them with relevant evidence as and when required Security Log Analysis and correlation and taking proper required action Basic understanding of Windows security architectures (Domain, Trusts, Group Polices, Security Logs, Authentication etc), firewalls (ACLs, Logging, Authentication etc), routers (Routing, Redundancy, Failover, RADIUS Authentication etc) Basic understanding of UNIX Technologies (Linux etc.) like Installation, TCP/IP Configuration, IPTABLES, DNS etc will be an added advantage Hands on experience on Risk Assessment and Auditing - Against Industry standard like ISO27001, Contractual Requirements, regulatory requirements like SSAE18, PCI, FFIEC and generate risk reports Good communication skill both verbal and written Good English is mandatory Understand the business, client requirements and industry standards develop secured solutions Ability to think rationally on the business and client security requirements and address them Good Documentation and presentation Skills Should be constantly updated with latest Vulnerabilities, Threats, Standards & Framework of Information Security 12 to 15 yrs. (With at least 8-9 years in Information Security & Compliance, preferably including 6+ years of people management experience) CERTIFICATION(S): At least one security certification will be required: CISA, CISM, CISSP or any other Industry standard certification