Compliance and Security - Bengaluru, India - AANSEACORE INC.

Description

We are looking for an experienced Compliance and Security Senior Technical Specialist who will support a major region for the security related topics under C&S scope covering PAM, RSA, Vormetric, Proof point, Hardening.

He / she would oversee these security platforms / tools and objectives in line with the global directives to keep the company safe.

As an SME, you will be responsible for providing expert guidance, recommendations, and hands-on support in these areas to ensure the security and integrity of our organization's IT infrastructure.

Skill / Qualifications

• Bachelor's degree in Information Systems, Information Technology (IT), Computer Science, Engineering, related programs, or equivalent experience.
• Proficiency in implementing and managing Vormetric encryption solutions or similar encryption technologies.
• Extensive knowledge of system hardening principles, secure configuration standards (e.g., CIS benchmarks), and vulnerability assessment tools (e.g., Kenna, Qualys).
• Strong analytical and problemsolving skills with the ability to assess complex security issues and provide effective solutions.
• Excellent communication and interpersonal skills, with the ability to effectively convey complex technical concepts to both technical and nontechnical audiences.
• Proven experience working as a Subject Matter Expert (SME) or Consultant in Privileged Access Management (PAM), RSA, Vormetric, ProofPoint, and system hardening (details below).
• Experience with IT Infrastructure essential.
• Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), or vendorspecific certifications in PAM, RSA
• Familiarity with industry regulations and frameworks related to privileged access management and security hardening (e.g., NIST, PCI-DSS, ISO
• Tools & Technology
• Privileged Access Management (PAM):
• Expertise in implementing and managing PAM solutions, such as CyberArk, Thycotic, or BeyondTrust.
• Knowledge of privileged account lifecycle management, including provisioning, deprovisioning, and access review processes.
• Familiarity with privileged session monitoring and recording.
• Understanding of privileged access policies, standards, and best practices.
• Proficiency in evaluating and mitigating risks associated with privileged accounts.
• Ability to design and implement privileged access controls and workflows.
• Experience in integrating PAM solutions with other security technologies and identity sources.
• Knowledge of compliance frameworks (e.g., PCI DSS, HIPAA) and their requirements related to PAM.
• Data Loss Prevention (DLP):
• Strong understanding of data classification and data handling requirements.
• Knowledge of DLP technologies and tools like Symantec DLP, McAfee DLP, or Forcepoint DLP.
• Ability to assess and classify sensitive data across various platforms and data repositories.
• Experience in designing and implementing DLP policies and rules.
• Proficiency in configuring and managing DLP agents, sensors, and monitoring consoles.
• Familiarity with incident response and investigation procedures related to DLP incidents.
• Understanding of regulatory compliance standards (e.g., GDPR, CCPA) and their impact on DLP implementations.
• Knowledge of encryption and data protection techniques.
• Identity and Access Management (IAM):Proficiency in IAM concepts, principles, and frameworks.

Experience with IAM solutions like Okta, Azure Active Directory, or SailPoint.
Knowledge of user lifecycle management, including user provisioning, deprovisioning, and access recertification processes.
Understanding of identity governance and administration (IGA) processes and controls.
Ability to design and implement IAM roles, entitlements, and access policies.
Familiarity with single sign-on (SSO) and multi-factor authentication (MFA) technologies.
Knowledge of directory services (e.g., LDAP, Active Directory) and their integration with IAM solutions.
Understanding of federation protocols and standards (e.g., SAML, OAuth, OpenID Connect).

• Threat and Vulnerability Management (TVM):Expertise in vulnerability assessment tools like Nessus, Qualys, or Rapid7.

Certification Required

• Certified Information Systems Security Professional (CISSP)
• Certified Ethical Hacker (CEH)
• PAM
• RSA

Responsibilities:

• Interface with engineering management and leadership to drive secure initiatives, planning, and resolve issues and conflicts early and within development lifecycle
• Facilitate secure engagement activities including security requirements, threat modeling, vulnerability analysis, and risk assessment
• Coordinate security incident and response activities, performing analysis, collaboration with engineering, and drive resolution of incidents
• Identify and drive process efficiency and optimization within the team, allocation of resources, ensuring milestones and targets are achieved
• Monitor and manage product risks, ensu