4+ Security audit Jobs in India

Position : India Practice Head We are seeking an experience and Dynamic individual to lead our Cyber Security services in India. As India Practice Head you will be responsible for driving business growth, managing client relationships, and delivering exceptional cyber security services to our clients. 

You will work closely with leadership team

to develop and execute the strategic plan for the India Practice. 

Key Responsibilities: 

• Lead the Cyber security services practice in India including business development, client relationships management, service delivery and offshore business execution coming from US 
• Develop and execute the strategic plan for the India practice in alignment with the global cybersecurity services strategy.  
• Build and maintain strong relationships with key clients and stakeholders, ensuring their needs are met and exceeded.  
• Drive business growth through the development of new services offerings, market analysis, and competitive intelligence.  
• Manage and mentor a team of cybersecurity professionals, providing guidance and support to ensure quality service delivery.  
• Ensure compliance with relevant laws, regulations, and industry standards in India.  

Requirements:  

• Bachelor's or Master's degree in Computer Science, Information Technology, or related field.  
• At least 15 years of experience in cybersecurity services, with a proven track record of successful business development and client relationship management.  
• Strong knowledge of cybersecurity frameworks and standards, such as ISO 27001, NIST, and PCI DSS, CERT-In 
• Experience in managing Departments and mentoring a team of cybersecurity professionals.  
• Excellent communication and interpersonal skills, with the ability to build and maintain strong relationships with clients and stakeholders.  
• Strong leadership skills, with a proven track record of building and leading high-performance teams. Experience in managing cyber security services for mid-enterprises. 
• Ability to research and evaluate potential solutions to determine suitability for the organization’s needs. Capability to work in a fast-paced environment and manage multiple projects simultaneously. 
• Keep up to date with the latest cybersecurity trends and technologies. 
• If you are a driven and experienced cybersecurity professional with a passion for leading and growing a practice, we encourage you to apply for this exciting opportunity. 

We are looking for a capable System Administrator to take over all aspects of the configuration and maintenance of computer systems. A System Admin should be able to diagnose and resolve problems quickly and should have the patience to communicate with a variety of interdisciplinary teams and users.

Monitoring and reporting all points mentioned below.

Ensure Security updates are installed:

• Regularly checking whether the Antivirus software is updated for users.
• Regularly monitor platforms like Google to ensure everybody is using up-to-date applications with no security issues.
• Regularly Email users about the security updates that they need to install on their laptops and PCs.

Antivirus

Centrally managed antivirus should be installed on all laptops and mobile devices. 

• Adding a purchase request for any additional licence that we might require.
• Pushing new software updates on users’ laptops.
• Keeping up-to-date with antivirus updates so all our devices are secure.
• Miradore user agent 

Mobile device and access management

• Set rules and configure settings on personal and organisation-owned devices to access data and networks.
• Deploy and authenticate apps on devices -- on-premises and mobile.
• Protect company data by controlling the way users access and share information.
• Make sure devices and apps are compliant with security requirements.
• Only provide user access to laptops (No admin access, excluding developers)
• All new software installation requests will go through the system admin to make sure nothing is installed on work laptops that poses a security risk.

Vanta compliance-related tickets

• Vanta will continue to monitor and create issues to be compliant with ISO 27K over time. The system administrator must resolve all such system-related tickets.

Access management to different user applications

• Access should be restricted to only what is necessary to perform job duties ("principle of least privilege").
• Technical access to all the company’s networks must be formally documented, including the standard role for approver, grantor, and date.
• Only authorised employees and third parties working off a signed contract or statement of work, with a business need, shall be granted access to the company’s production networks.
• The company’s guests may be granted access to guest networks after registering with office staff without a documented request - guest network management.

Removal media encryption

• Research removable media encryption and figure out if removable media should be implemented and make sure it is always encrypted.

MFA reset and debugging

As we are enabling MFA for more and more applications that we have, more people are likely to have issues with it as the business moves forward. 

• Different online applications will have different ways of handling the MFA reset; a system admin should be familiar with all.

Website watcher configuration and email issues

• Software like Website Watcher keeps having email issues, as it sends emails in huge numbers every day. The system administrator must keep an eye on the emails and fix issues promptly as and when they arise.

Office network management

• System admin can help in creating guest networks in the office and making sure that the network is as secure as possible.

Phishing emails

• Finding the optimal solution to prevent phishing emails from getting delivered.
• Verifying emails sent by our staff to check for phishing emails.

Security incidents handling

• System admin must monitor incident and event tickets and assign severity tickets.
• Continuous checks to ensure the security incident policies are being followed and up to date
• A root cause analysis report must be documented and referenced in incident tickets.
• A central "War Room" will be designated for handling security threats. This may be a physical or virtual location  (i.e., Slack channel) and managed by the system admin.
• Conducting recurring Incident Response Meetings until the incident is resolved (as per the company's established norms)

Implement password policy

• Password policy must be in place to ensure that users are using secure passwords that are not easily crackable.

Add-ons:

• Devops is a plus point

Dear Candidate,

Greetings from HCL Technologies Ltd.

• Make sense of Cyber security and compliance frameworks that apply to your business or industry
  • Identify business risks, taking into account the role of your hosting service provider
  • Determine which Cyber security controls are required to mitigate your identified risks
  • Improve collaboration and communication during Cyber security Incident mitigation and response.
  • Establish the necessary framework based on NIST Framework to maintain and continually improve your information security program over time based on evolving scope and emerging risks
  • Document and track efforts for evidence collection and audit preparation

• will have primary responsibility for coordinating and implementing effective Cyber Security management across the account. This role will ensure that all Supplier obligations are met regarding compliance with Security guidelines, data protection, regulations, Supplier policies, and key controls.
• provide implementation and ongoing operation of Security management framework;
• be responsible for coordinating activities to address the key Security risk exposures;
• ensure Security awareness training of, and assistance in the implementation of robust Security management practices across Security operations;
• direct the design of controls to address emerging or new Security risk and compliance requirements;
• carry out regular and frequent assurance reviews of the design and operating effectiveness of Security controls;
• implement, monitor and report on key Security risk indicators to identify and address emerging risks;
• coordinate with other Service Providers and Security functions, to facilitate client’s audits and inspections;
• manage and report on responses and actions to address Security audit points, inspection deficiencies, or control weakness identified during normal operations.
• review outcome of cyber security risk assessment, timely implement open action items and report progress to stakeholders
• incorporate vulnerability testing as an integral part of change management
• Should have good knowledge of Cyber Security Framework and controls
• CISA ,CISM or CISSP certification should be preferred.
• Have good understanding of Security policy and process along with ITSM process.