Information Security Risk Assessor - Bengaluru, India - eliterecruitments

eliterecruitments

Verified Company

Bengaluru, India

1 week ago

Posted by:

Deepika Kaur

beBee Recuiter

Description

Information Security Risk Assessor (ISRA):

We are looking for an Information Security Risk Assessor (ISRA) to join our client's team.

In this role, you will play a crucial part in securing our projects by design through the delivery of Information Security Assurance Plans based on ISO Risk Management principles.

Location - Pune/Bangalore

Experience - 4 To 10 Years

Key Responsibilities:

Delivering IS Assurance Plan based on ISO Risk Management to secure projects by design.
Conduct security risk assessment using tools to capture and record operational security risks.
Deliver Information Security Assurance Plan to help IT Projects during their implementation.
Collaborate with Information Security Analysts and global IT Risk assessor to scope the security risk management and reporting requirements from AXA Group Operations risk management framework.
To socialize security risk assessment schedules and requirements with stakeholders, including thirdparty service providers.
Assess and classify security risk assessment outputs and rate security risks as per the AXA GO security risk management framework.
Collaborate with Information Security Analysts and engage with AXA GO Operational teams to walk through the results of the security risk. Assessment and seek mitigation action plans with timelines for each security risk.
Collaborate with Information Security Specialists and escalate to Global IT Risk Assessor on lack of progress.
Collaborate with the Group Operational risk team to share all security risks that have the potential for Groupwide impact.

Experience Required:

years of experience in IT risk

Knowledge of Regulatory Frameworks
NIST Cybersecurity Framework, PCI DSS, STIG, GDPR, SANS, SO 27001 and ISO 27002, CIS Controls.
Worked on Technology Security
Cloud (AWS, Azure, GCP), Infrastructure (Servers, Firewall, Mainframes, SIEM, Networking ), Application testing/security
Expertise in Security Management frameworks and standards like ISO 27001, NIST, PCI, CIS and OWASP.
IT Risk and compliance expertise with experience in assessing Infra/Applications against IT regulatory and security technical controls.
Sound knowledge of cloud technology and concepts for CSP like AWS, MS Azure, GCP and DevSecOps.
Knowledge of Windows, Linux, Oracle, SQL, Networks, Firewalls and Cloud computing.
Extensive knowledge of data management and information security principles.
Experience with IT security vulnerabilities and IT security audit procedures.
Liaise with the internal IT and Operations resources to ensure all deliverables are met.
Superior organizational, communication, and time management skills.
Relevant certifications such as CISSP, CISM, CEH, CRISC or GIAC.

Must Have Skills:

Handson experience in information security Risk Assessment methodology (Asset Criticality Rating/Information Security Assurance Plan/Residual Risk Rating).
Experience in preparing assurance plans.
Ability to deliver risk assessment outputs and rate security risk as per internal risk management framework.
Experience in dealing with external providers, solution engineers, designers and business/system/asset owners.
Exposure to articulating security risks to other teams globally.