Life is Short! Work Somewhere Awesome.
Mercer Talent Enterprise is hiring experienced Senior IT Security Professional.
Key Responsibilities
- Monitor, report, and protect the safety of the company data, and adherence the local and international security compliances
- Analyse security logs and alerts to identify and investigate threats.
- Conduct periodic vulnerability assessments and penetration testing to proactively identify weaknesses.
- Continually enhance the security posture of the company by frequent review and implementing measures.
- Lead and perform security control gap assessments against industry standards and security regulatory requirements to evaluate control design and operating effectiveness
- Stay up to date on the latest security threats and vulnerabilities
- Define, draft and communicate potential security control improvement opportunities and paths to address based on requirements and industry experience,
- Support regulatory examinations across EU, UAE, KSA, US. and international regulatory regimes in partnership with Security and other GRC functions by reviewing and evaluating requests, coordinating with stakeholders to collect and QA artifacts, and track outcomes of regulatory examinations performed,
- Partner with Security Risk and Security Policy functions to ensure that security controls are reflected properly in our Security Risk Review, Security Policy requirements, and other governance processes,
- Support Security Compliance, Information Security, and Engineering stakeholders in identifying and executing on continuous control monitoring opportunities,
- Work closely with control owners and internal and external auditors on control operation and related documentation
- Communicate progress, escalations, and issue resolutions to management and team stakeholders
- Create procedural documentation, including training materials that support how we support control owners in risk to control analysis, control narratives, and how we operate as a Security Compliance team in the form of runbooks for new processes.
Required Experience or Skills
- 4+ years of security, IT compliance (internal or external audit) or equivalent experience
- 2-4 years of technical cyber security experience, with hands-on experience in vulnerability assessment and/or incident response (e.g., SOC Analyst, etc.).
- A bachelor degree in Cyber Security, Information Systems, or a combination of education and experience.
- Security+ certification or GIAC/SANS certifications highly desired
- Knowledge and practical experience with policy and regulatory mandates such as COBIT, SOC1/SOC2, CSA-CCM, ISO27001/27002/27031, GDPR, CCPA, PCI-DSS and NIST Risk Management Framework and associated standards such as sp800-34, sp800-53, FedRAMP, CMMC, etc.;
- Prior consulting experience in Cybersecurity
- Prior experience working closely with auditors and/or external regulators
- Experience with compliance initiatives from start to finish
- Experience sourcing, interpreting, and reporting on data via data visualization tools
- Outstanding written and spoken communication skills
- Ability to effectively and autonomously accomplish outcomes across cross-functional teams in ambiguous situations with light supervision
You'll get:
- Competitive salary with health benefits
- An extremely energising, dynamic and fast paced entrepreneurial working culture and environment
- An opportunity to travel to international locations where our clients may be based
- Latest laptop, devices and technologies for your needs
- Unique and supportive opportunities to progress in your career
- On-going team and professional development
Where:
India - Remote
About Mercer Talent Enterprise
Mercer Talent Enterprise is a global leader in talent assessment, technology, and leadership development. As the world’s first and only company to pioneer the science of Behaviourmetrics®, we empower organizations to make critical people decisions by blending contemporary psychometric tools and assessment solutions with the latest advances in artificial intelligence and data science.
Similar jobs
achelor of Engineering or Technology; or any degree on par;
· 12-15 years of Experience in security and similar areas solution/product development, design, etc
· Minimum 7-8 years of experience in an Enterprise or Cyber Security practice dedicated role
· Experience in Enterprise deployment of security with in depth knowledge of security, implementing security solutions and working closely with global customer accounts.
· Proficient with concepts like SOC, OWASP Top 10 etc
· Understanding of Enterprise Cyber security models like Mitre ATTACK and roadmap modelling.
· Excellent analytical and problem-solving skills to drive product development
· Excellent communicator, whether writing, speaking or presenting
· Experience gathering and analysing data to create useful metrics that support positive change
We are seeking a highly skilled and experienced Subject Matter Expert (SME) to join our team and provide valuable insights and analysis on our cybersecurity training content and competitors. Our business vertical focuses on delivering automated cybersecurity training through a software platform to over 1 million employees of our 150+ global customers. We cater to various industries and diverse backgrounds, with different levels of technical expertise. Thus, we create a diversified variety of content to cater to the training requirements of different user groups and personas. The SME's role will be pivotal in ensuring efficient and effective cybersecurity awareness training by creating high-quality content.
Responsibilities:
● Review and evaluate cybersecurity awareness content to ensure accuracy, relevance, and effectiveness.
● Write industry-specific technical content to cater to the diversified audience.
● Provide feedback and recommendations to improve content quality and alignment with industry standards.
● Conduct competitive analysis to identify industry trends, best practices, and potential gaps in our offerings.
● Analyze global competitor strategies and offerings to identify strengths, weaknesses, and opportunities that benefit our customers.
● Stay up-to-date with the latest cybersecurity trends and industry developments to ensure our offerings remain competitive.
● Collaborate with cross-functional teams to ensure content is aligned with marketing and sales strategies.
● Identify and refine complex security problems in a simplified and layman way.
Qualifications:
● Bachelor's degree or certifications in cybersecurity, computer science, or a related field.
● Minimum of 3-5 years of experience in cybersecurity content writing and competitive analysis.
● Strong knowledge of cybersecurity concepts and best practices.
● Experience with analyzing competitor strategies and offerings.
● Excellent communication and collaboration skills.
● Strong analytical and critical thinking skills.
● Self-motivated and able to work independently.
● Ability to adapt to changing priorities and deadlines.
If you are a cybersecurity professional with a passion for creating high-quality content and analyzing the cybersecurity industry's latest trends and developments, we encourage you to apply. Join our team and help us deliver top-notch cybersecurity awareness training to our global customers.
- Develop efficient strategies to protect the system, the networking infrastructure, data, and information systems against potential threats/cyber risks
- Routinely performing threat analysis, system checks, and security tests
- Defining and updating information security criteria and validation procedures
- Effectively discuss to understand safety and security and fix the problems along with different stakeholders
- To be a security representative or point of contact for all technical deliveries, initiatives, and project implementations.
- To develop technical processes and procedures and promote compliance in line with regulations, corporate policies, or standards as per ISO27001
- Assess technical security risks in terms of impact on systems and service confidentiality, integrity, and availability, and report and escalate results of risk assessments.
- Report any real or potential security breaches/vulnerabilities to various stakeholders and provide technical support during incident response
- Monitor security tools to detect security events & incidents Report and escalate any security breaches to the Information Technology Security Officer
- Operate vulnerability scanning and compliance tools to identify system weaknesses
- Represent IT Security matters at technical and business forums.
Desired candidate profile :
- Relevant experience in the information security field
- Relevant experience working with ISO Policies, and GDPR guidelines.
- Strong knowledge of network architecture and security concepts related to routing
- Exceptional attention to detail
- Excellent analytical and problem-solving skills
- Great team player and able to work efficiently with minimal supervision
- Excellent communication skills, both written and verbal, work with the different stakeholders on strengthening the security risks.
- Able to handle and cope with stressful situations and understands the pressures of a start-up environment
Job Responsibilities:
Experience: 8 Yrs to 12 Yrs
- Hands-on expertise on performing Application pen testing (Mobile(Android, IOS),networking, web application pen testing),
- Should worked on IOT,AWS,Application Penetration Testing, Reverse Engineering, source code review, CI/CD Pipeline
- have done any submission on Bug crowd or Bug Bounty.
- have developed tools or scripts for web pen test on GitHub.
- Certified on OSCP
- Threat Modeling
- Network scan in stealth mode or simple scan using Nmap and Burp suite
Implement security measures which monitor and protect sensitive data and systems from infiltration and cyber-attacks.
Developing different ways to solve the existing threats and security issues.
Configuring and implementing intrusion detection systems and firewalls.
Security product development, testing, and implementation.
Responsible for security technology research, penetration testing, and vulnerability scanning.
Please follow the below inputs.
The shift will starts from 03:00 PM to 12 AM (fixed for few months),
OSCP certification(Not mandatory, preferable)
Below are the primary key skills:
Total Application Security Experience:
Total Security Architecture Experience:
IOT(optional)
MOBILE
WEB
AWS(Mandatory)
NETWORKING
THREAT MODELS
project.
• Deploying required database assets on production (DDL, DML)
• Good understanding of MySQL Replication (Master-slave, Master-Master, GTID-based)
• Understanding of MySQL partitioning.
• A better understanding of MySQL logs and Configuration.
• Ways to schedule backup and restoration.
• Good understanding of MySQL versions and their features.
• Good understanding of InnoDB-Engine.
• Exploring ways to optimize the current environment and also lay a good platform for new
projects.
• Able to understand and resolve any database related production outages
• Evaluate the organization’s security needs and establish best practices and standards accordingly.
• Designing, implementing, maintaining, overseeing, and upgrading all security measures needed to protect organizations’ data, systems, and networks.
• Responding to all security breaches to the network and associated systems.
• Troubleshooting all network and security issues and incidents.
• Routinely conduct penetration testing.
• Taking appropriate security measures to ensure that the organization's infrastructure and existing data are kept safe.
• Conducting testing and scans to identify any vulnerabilities in the network and system.
• Taking an active role in the change management process.
• Assist in any security breach investigations.
• Handling routine daily administrative tasks such as reporting and keeping open lines of communication with the organization’s appropriate departments.
Position: IT Auditor
Experience: 4-12 Years
Location: Pune
Key Skills Required:
CISA, CISSP, CISM, IT Audit, Technology Audit, IT Infrastructure Audit, Application Security Audit, Information Security Audit, Cyber Security Audit, Cloud Security, Ethical Hacker
Additional key words: Vulnerability assessment, Penetration Testing, ITGC testing, Cloud Computing,
IT AUDITOR is responsible to plan and perform the audit assignment starting from audit announcement, audit planning, field work, audit quality reviews, pre-closing / closing meetings with the respective Directors / Head of the Departments including writing of the audit report and its finalization as well as follow up of the audit actions. Additionally IT AUDITOR will also be responsible to:
• Evaluate IT systems, processes and projects in place;
• Determine risks to the Group’s information assets, and help identify methods to minimize those risks;
• Ensure information management processes are in compliance with IT-specific laws, policies and standards;
• Determine inefficiencies in IT systems, IT projects and associated management processes and
• Consult in IT projects, new initiatives and organizational frameworks.
Description
Audit Planning
1) Perform audits at Volkswagen Group entities. and other concerned Volkswagen Group Companies with focus on IT processes keeping the associated business risks in mind.
2) Participate in the preparation of audit objective & scope document along with audit schedule based on the audit objective and timeline specified by Head of IT Audit India Hub.
3) Participate in the preparation of work program
Audit Process
1) Prepare and conduct preparatory interviews with the Directors and Heads of the audited departments to identify the processes to be assessed during the audit.
2) Request and collect relevant audit data for analysis from respective business areas.
3) Prepare audit matrix on periodic basis to record the audit field work and update the progress of the audit to IT Audit Manager and the Head of IT Audit Hub India.
4) Define actions including relevant controls to mitigate the business risks identified based on the evidences provided during the audit.
5) Organize and conduct pre-closing meetings with business areas to agree upon audit observations and relevant actions.
6) Prepare and conduct closing meetings with the Directors / Heads of the Department for audited division to agree upon the audit observations, risks and proposed actions.
7) Prepare the draft audit report and submit the same to the IT Audit Manager and the Head of IT Audit India Hub for review.
8) Ensure that adequate documentation is prepared for the audit assignment. Peer review changes are done before release of the final audit report to the business area.
9) Contact business area to review the progress of the implementation of audit actions defined in the final audit report. Based on the review, write the status of the follow up and submit the same for upload in RIAS.
10) Obtain necessary certifications / qualifications to support the job requirements by attending relevant trainings
11) Support the conduction of unscheduled audits/special investigations and audits from the anti-corruption system.
12) Relevant knowledge is shared among the team members.
13) Consult in IT projects, new initiatives and organizational frameworks.
14) Ensure information management processes are in compliance with IT-specific laws, policies and standards.
15) Determine risks to the Group’s information assets, and help identify methods to minimize those risks.
16) Evaluate IT systems, processes and projects in place.
17) Determine inefficiencies in IT systems, IT projects and associated management processes.
InVideo is looking for a content associate to take charge of their internal content creation process. The candidate will be responsible for the production of video templates for the InVideo tool that has 5000+ templates currently.
An ideal candidate should have:
- An in-depth understanding of global content trends.
- Strong authority and presence on all social media platforms.
- Understanding of video as a medium and how to communicate using the same
- Excellent command over the English language - verbal and written.
- 2 to 4 years of experience in content creation on digital and most social domains.
- Experience in working with a medium-size creative team.
The duties of the candidate would be, but not limited to:
- Conceptualising content for the templates along with creative product and growth leads.
- Curating scripts for templates and social media, in line with the current trends.
- Foreseeing emerging content trends and leveraging them in the platform strategy.
ensuring that the design team is able to visually convert content into templates.
- Growing & Managing our network of external content providers to ensure quality and in-time delivery of video templates.
- Working with creative leads to design and build compelling high-quality digital content that can be converted into extraordinary templates.
- Researching and Understanding the digital medium overall and various use cases that dominate the domain.
- Must have good exposure working in SOAR (Security, Orchestration, Automation, Response)
- Strong knowledge in End user/ point security.
- Good hands on Cyber security like SIEM, IAM, PAM.
- Sound Knowledge into automated incident management using Demisto (or similar technology)
- Hands on creating playbooks in Python Scripting.
Security Monitoring and Operations (SIEM)
Security Solutions design and deployment
IDAM - Identity and Access Management Experience
Network Monitoring and Management Experience
VAPT - Vulnerability Assessment and Penetration Assessment
Experience on DLP and Endpoint Security
Knowledge on Encryption
Experience in performing Maturity Assessment for identifying the security gaps and recommending measures to fix the gaps
Experience in Audit controls and applying security measures (ISO, PCI etc..)
Knowledge in automation and scripting