· Maximum 5 years of Information Technology/Technology Operations/Information Security experience required.
· Minimum 3 years of experience in Cybersecurity, Identity & Access Management, Role Based Access Control, and Identity Governance is mandatory.
· Knowledge on User Life Cycle Management, Access provisioning, Access administration is must.
· Experience with technologies such as Role-Based Active Control (RBAC) and Attribute Based Access Control (ABAC) is required.
· Experience in User Access Re-certification activities is mandatory.
· Working knowledge on Active Directory is must.
· Working experience on any IAM tool (SailPoint/Okta/OneIdentity/Varonis/MIM) would be added advantage.
· Knowledge on Identity and Access Management role/processes/tools is must.
· Prior experience in processing IAM requests (Add/Modify/Delete) is must.
· Experienced in Incident management & Change Management processes.
· Knowledge of and the ability to adhere to SAS and SOX audit requirements pertaining to Identity & Access Management job requirements.
· Experience with work-flow management tools such as ServiceNow.
· Leveraging creative thinking and problem solving skills, individual initiative, and utilizing MS Office (Word, Excel, Access, and PowerPoint).
· Understanding personal and team roles; contributing to a positive working environment by building solid relationships with team members; proactively seeking guidance, clarification and feedback.
· Identifying and addressing business needs: building relationships with Stake Holders; developing an awareness of Firm services; communicating with the business/stake holders in an organized and knowledgeable manner; delivering clear requests for information; demonstrating flexibility in prioritizing and completing tasks; and communicating potential conflicts to a supervisor
· Experience performing user administration tasks for various in-house and third-party applications.
· Analyzing, prioritizing, and resolving faults to resolution. Resolve tickets according to SLAs and escalation procedures.
· Strong analytical, problem solving and organizational skills. Be proactive, dynamic, and flexible.
· Good Communication skills, able to articulate well with business and stakeholders.
· Education Qualification : Any graduate/post graduate with Computer Science background.
Subodh Popalwar
Software Engineer, Memorres
About OSBIndia Private Limited
Similar jobs
Security (AM/Executive)
• To design the security infrastructure / policies for the organisation, implement & monitor the same
• To ensure security compliance with respect to recommendations received from government agencies like CEA, NCIIPC
• Design, review, implement & monitor IT security related controls as part of Internal
• Controls, IFC, ERM
• ISMS certification (ISO 27001) for IT systems; this will include preparation and periodic review of policies and SOPs, regular trainings and maintaining records in prescribed formats
• Conducting internal security audit and generating reports by deploying VA tools
• Periodic security/VAPT audits and implementation of the findings
• IT security related new initiatives like - Security Operations Centre (SOC), Security Information and Event Management (SIEM), cloud security, EMM-enterprise mobility management
• Creating IT Security awareness within the organisation
achelor of Engineering or Technology; or any degree on par;
· 12-15 years of Experience in security and similar areas solution/product development, design, etc
· Minimum 7-8 years of experience in an Enterprise or Cyber Security practice dedicated role
· Experience in Enterprise deployment of security with in depth knowledge of security, implementing security solutions and working closely with global customer accounts.
· Proficient with concepts like SOC, OWASP Top 10 etc
· Understanding of Enterprise Cyber security models like Mitre ATTACK and roadmap modelling.
· Excellent analytical and problem-solving skills to drive product development
· Excellent communicator, whether writing, speaking or presenting
· Experience gathering and analysing data to create useful metrics that support positive change
- Develop efficient strategies to protect the system, the networking infrastructure, data, and information systems against potential threats/cyber risks
- Routinely performing threat analysis, system checks, and security tests
- Defining and updating information security criteria and validation procedures
- Effectively discuss to understand safety and security and fix the problems along with different stakeholders
- To be a security representative or point of contact for all technical deliveries, initiatives, and project implementations.
- To develop technical processes and procedures and promote compliance in line with regulations, corporate policies, or standards as per ISO27001
- Assess technical security risks in terms of impact on systems and service confidentiality, integrity, and availability, and report and escalate results of risk assessments.
- Report any real or potential security breaches/vulnerabilities to various stakeholders and provide technical support during incident response
- Monitor security tools to detect security events & incidents Report and escalate any security breaches to the Information Technology Security Officer
- Operate vulnerability scanning and compliance tools to identify system weaknesses
- Represent IT Security matters at technical and business forums.
Desired candidate profile :
- Relevant experience in the information security field
- Relevant experience working with ISO Policies, and GDPR guidelines.
- Strong knowledge of network architecture and security concepts related to routing
- Exceptional attention to detail
- Excellent analytical and problem-solving skills
- Great team player and able to work efficiently with minimal supervision
- Excellent communication skills, both written and verbal, work with the different stakeholders on strengthening the security risks.
- Able to handle and cope with stressful situations and understands the pressures of a start-up environment
CJob Brief:
You'll be joining Mindtickle’s InfoSec and Compliance team, which is responsible for various functions related to Security, Privacy, and Compliance around Mindtickle's rapidly growing cloud platform. You'll play a crucial role in all our compliance & information security initiatives, including but not limited to those arising from regulations (e.g., GDPR, CCPA, UK DPA 2018, FINRA), audit requirements (e.g., SOC 2, HIPAA), and customer/ prospects requests (typically large enterprises).
As Data Privacy & Compliance Manager, you will champion the highest data privacy standards and drive forward compliance across all of Mindtickle. Crucial to this role will be an expert knowledge of international data protection laws and a proactive and pragmatic approach towards data privacy and compliance.
Key Responsibilities:
-
Act as the single point of contact for all privacy-related topics, including communication with customers and prospects, including RFPs, emails, or privacy calls
-
Closely working with the internal legal team and external legal counsel to support the review of third parties/customer data processing addendums (DPAs), standard contractual clauses, contracts, and other data protection agreements
-
Maintain the data protection terms agreed with customers in a contract management software
-
Perform due diligence of new third parties and periodic risk review of existing third parties, including processes around sub-processors
-
Support in other industry compliance projects such as ADA, Section 508, WCAG, FINRA, 21 CFR Part 11, etc.
-
Lead the assessment of new legislation or other regulatory changes (GDPR, CCPA, UK DPA 2018, LGPD, PIPEDA, Swiss FDAP) and make recommendations as necessary to ensure that risks are mitigated as well as ongoing compliance
-
To work flexibly and collaboratively across all teams in the organization while driving privacy & compliance-related projects, including sales, customer success, product, and engineering
-
Own internal and external privacy audit projects, including planning, scoping, need analysis, ongoing project management, and communications with all relevant stakeholders
-
Onboard privacy solutions, design, build and deploy data privacy programs on the solutions to ensure compliance with privacy requirements
-
Maintain Records of Processing Activities (ROPA) and ensure Privacy By Design for new features/changes in the platform
-
Undertake all other reasonable and related tasks associated with this role
Desired Qualification:
-
5-10 years of experience in data privacy and compliance, with exposure to cloud software platforms
-
Extensive experience in data protection and knowledge of relevant legislation, including GDPR, Standard Contractual Clauses, Transfer Impact Assessment, CCPA, UK DPA 2018, LGPD, PIPEDA, Swiss FDAP, etc.
-
Certifications such as CIPP/E, CIPP/US, CIPM, CIPT, etc., are preferred
-
Specialist knowledge in a relevant area, e.g., data security and individual rights requests
-
Excellent communication, interpersonal, project management, and issue resolution skills
-
Excellent analytical skills, organizational skills, ingenuity, and the ability to work as part of a team
-
Experience in managing privacy audits and risk management processes
-
Demonstrated ability to learn quickly, take the initiative, and drive complex projects
What are we looking for?
An enthusiastic individual with the following skills. Please do not hesitate to apply if you do not match all of it. We are open to promising candidates who are passionate about their work and are team players.
Key Responsibilities & expectations from the candidate
- Must have strong experience in Information Security Management system(ISMS), creation of policy, procedures and implementation.
- Operates as a key contributor to the RFP, Third-Party Risk assessment, cloud security assessment etc.
- Lead the strategic and tactical development of information security framework, risk management and new compliance initiatives
- Subject matter expertise in ISO 27001, SOC2, CCPA, CPRA, GDPR, PCI DSS and HIPAA.
- Must have a strong experience in the documentation process and reviewing MSA, SCC, SLA & DPA.
- Good knowledge of BCP/DR, Incident response, VA/PT and Audit methodologies of various compliance frameworks.
- Good knowledge of Access management, Network, Application Security, Encryption, Backup, Physical Security, ISMS Training & Awareness etc..
- Ability to deal with the customers and vendors on Security and privacy matters.
- Knowledge of Core IT processes, SDLC, network infrastructure will be useful.
Personal Attributes
- Good written, oral, and interpersonal communication skills.
- Ability to conduct research into IT security issues
- Ability to present ideas in business-friendly and user-friendly language.
- Ability to effectively prioritize and execute tasks in a high-pressure environment.
- Highly self-motivated and hardworking.
Qualification and certification
- Bachelor’s/master's degree in Security, Computer Science, Management Information Systems, Engineering or related field.
- Should be at least ISO 27001 lead auditor or lead implementer.
- 3+ years of related work experience in information security governance, risk and compliance (GRC) or relevant compliance roles in the SaaS industry.
What can you look for?
A wholesome opportunity in a fast-paced environment that will enable you to juggle between concepts, yet maintain the quality of content, interact, and share your ideas and have loads of learning while at work. Work with a team of highly talented young professionals and enjoy the benefits of being here.
We are
It is a rapidly growing fintech SaaS firm that propels business growth while focusing on human motivation. Backed by Giift and Apis Partners Growth Fund II, Company offers a suite of three products - Plum, Empuls, and Compass. Company works with more than 2000 clients across 10+ countries and over 2.5 million users. Headquartered in Bengaluru, Company is a 300+ strong team with four global offices in San Francisco, Dublin, Singapore, New Delhi.
Way forward
We look forward to connecting with you. As you may take time to review this opportunity, we will wait for a reasonable time of around 3-5 days before we screen the collected applications and start lining up job discussions with the hiring manager. We however assure you that we will attempt to maintain a reasonable time window for successfully closing this requirement. The candidates will be kept informed and updated on the feedback and application status.
Job description – Information Security (Network)
Roles and Responsibilities
Company will provide a professional opportunity to work in a dynamic environment where you will have the ability to develop process and Cyber security based skills
Work profile of individual
- As part of the company cyber security consulting team, individual’s primary role would be to work with ISO 27k projects IT audits, ITGC audits, SSAE, SOC audits, IT Process Audit, Systems Audit, Gap assessment TPRM, GDPR, Infosec, GRC , ISMS , Cyber Security, SOX ITGC on customer engagements
- Will address all aspects of security like physical, logical, data, access etc and review Information Security policy and suggest / recommend necessary changes to the same on customer engagements
- Will be an active participant in internal / third party system security reviews and audits on customer engagements
- Will perform internal audits on all aspects of IT and ensure compliance with the prescribed security norms on customer engagements and will be responsible for tracking the open audit findings and closure of the same
- Will be responsible for implementation of new projects under Information Security Domain
- Will be able to manage document tracking and updating - policies, processes, procedures, templates etc.
- Will assist in development of proposals by owning parts of the proposal document and by giving inputs in solution design based on areas of expertise.
- Will engage with clients and(or) application development teams for implementation of cyber security & data privacy by design and data protection controls.
- Will support the clients with ongoing design, implementation and maintenance of the data privacy framework for managing data protection risk including responding to legislation, devising and owning policies and training.
- Will demonstrate ability to clearly and concisely communicate the privacy implications of technology and implementation.
Team work
- Individual would be responsible for contributing to a strong team environment and promoting a positive working relationship with their colleagues.
- Individual would predominately work with off-shore engagement teams and relevant teams on presale and cyber security delivery.
- Communication, written and verbal, with these teams would be expected.
- Team members would be required to apply learning from trainings and on the job experience to work requests and support continuous process improvement.
- Team members would be required to handle multiple tasks at the same time.
- Detailed focus when performing work and good project management skills when managing workload and maintaining timelines will be necessary.
Desired Candidate Profile
- Bachelors
- Certifications (ISO 27001/ ISO 31000/ CISA/ CISSP/ CSX or equivalent and other relevant qualification/certification
- Experience : 3-5 years
Knowledge Required:
- Strong knowledge of information security concepts, risk and controls concepts. Strong understanding of security principals: audit, policies, guidelines, and compliance.
- Good understanding of infrastructure (data centre, network end user computing) security / cloud security / managed security services / security operations centre / compliance risk management and ITGC controls
- Good understanding of technical security like network security, operating system, encryption, use of tools and technologies for various processes like logical access control, network security, security monitoring etc.
- Sound knowledge of Internal Controls and Compliance. Must be able to recommend controls around people, process, and technology.
- Sound knowledge on IT controls (especially IT risks). Good experience with control assessment, check the effectiveness of the implemented controls and recommend mitigation / improvements.
- Good knowledge on Privacy, Governance and reporting
- Experience with the Microsoft Office suite of products (i.e. Word, Excel, PowerPoint, Visio, etc.),
- Strong verbal and written communication skills Knowledge / experience in fields of ITGC audits, Internal Audit, External Audit / Statutory Audit projects
- Candidates should exhibit good client service skill collateral's with a strong focus on building relationships.
Additional Responsibilities:
- Ability to assist in value-creating strategies and models that enable clients to innovate, drive growth and increase their business profitability
- Good knowledge on software configuration management systems and license Management systems
- Awareness of latest technologies and Industry trends
- Logical thinking and problem solving skills along with an ability to collaborate
- Understanding of the financial processes for various types of projects and the various pricing models available
- Ability to assess the current processes, identify improvement areas and suggest the technology solutions
- One or two industry domain knowledge
- Client Interfacing skills
- Project and Team management
The Role
We are looking foran Information Security Analyst – Compliance to primarily strengthen our practice towards compliances such as HIPAA, HITRUST,etc. and ensure highest levels of security around sensitive data.
- Identifying new risks and performing risk assessments.
- Performing continuous gap analysis.
- Auditing the applications, configurations, and internal practices against standards such as HIPAA, HITRUST etc.
- Providing advice and implementing forward-thinking information security policies, procedures, and standards.
- Assisting several teams (internal and external) with best practicesand security consultations.
- Supporting with other information security activities as assigned.
- Ensuring the organizational compliance during audits and certification efforts.
Requirements:
- Demonstrated experience in implementing and maintaining security standards such as HIPAA, HITRUST, SOC2, ISO 27001 etc.
- Ability to understand and interpret legal, regulatory, and contractual compliance requirements.
- Experience in InfoSec policy creation and documentation.
- Ability to understand technology and pertaining risks.
- Knowledge on IT, Servers, SDLC, Database, etc.
- Experience working with / securing cloud-based applications is an add-on.
- 2+ years of experience.
- Excellent written and verbal communication skills.
- Relevant Security Certifications will be a good add-on.
Provides technical expertise and guidance in the identification, preservation, collection and analysis of digital evidence in various digital formats from computers, servers, mobile devices, and other electronic or online storage media.
Presents recommendations and findings to internal and external customers including Legal, Compliance, HR, Outside Counsel, and Law Enforcement.
Develops and maintains processes, procedures, and methodologies for collecting and analyzing digital evidence.
Maintains strong working relationships with other corporate investigation team members, subject matter experts, 3rd party vendors, and outside law firms.
Skills required:
Hands on experience on Digital Forensics for at least 4 years using digital tools such as X-Ways, AXIOM, FTK, Cellebrite, Oxygen, NUIX, etc
Experience of Computer, Mobile and Cloud Forensics cases
Expertise with Microsoft, Macintosh, and Unix Operating Systems
Strong understanding of network and cloud computing environments
Good to have certifications such as GCFA, Encase, CISSP, CFCE etc
IT Security Specialist
Roles and Responsibilities
- Extensive experience of 2-5 years in Vulnerability Assessment and Penetration testing, Web Application security.
- An Experience in performing web application security assessments using hands on techniques for identifying SQL injections, XSS, CSRF, authentication/authorization, OWASP top 10 issues.
- Must have working experience in OWASP Top 10 Vulnerabilities Testing in Web applications.
- Create policy and standards for developers and testers to secure programming in the organization. (secure code review, static application security testing.
- Experience on both commercial and open source tools Cenzic Hailstorm, Burpsuite, AppScan, WebInspect, Appspider, sqlmap, OWASP ZAP. Assessing cloud security risk (AWS and Azure) and recommending appropriate security controls.
- Ability to interact with project teams to understand the security requirements and come up with solutions
- Extensive knowledge of managing Web Application Firewall (Product) including rules management and product administration
- Strong understanding of networking concept.
Desired Candidate Profile
- Excellent knowledge of Microsoft Windows operating environments and with special attention to security and hardening issues.
- Able to work independently with minimal supervision.
- Good knowledge of secure software development standard, process, techniques, cloud security policies and tools.
- Keep stakeholders updated with communications and weekly reporting.
- Collaborate with Security Platform and Services teams to build and integrate existing security solutions.
- Excellent communication skills - written, verbal, presentation and interpersonal.
- Willing to learn new skills and implement new technologies.
- Should come with bachelor’s degree in engineering, mathematics or master’s in computer application / programing.
Follow CutshortSubodh Popalwar
Software Engineer, Memorres