Senior Associate - IT Security
Position Name: Senior Associate - IT Security
Job Location: Bangalore
Education: BE/BTech/MCA/MTech
Experience: 3-6 yrs
MetricStream is the market leader in GRC. Through our enterprise platform and cloud software, we enable enterprises across industries to drive exceptional business performance based on a foundation of good governance, trust, and integrity.
The individual will focus primarily on the Information Security and Privacy practices within the organization. This work will be in line with Information Security requirements arising from business requirements, customer requirements, regulations and certifications such as ISO 27001, SOC2, HIPAA and other compliance programs.
He/she needs to collaborate and work effectively with cross-functional stakeholders across the organization on risk assessments, control and process design and implementation, monitoring, security awareness, etc.
He/she should have an understanding of information security principles and practices, privacy concepts, and risks to information or data, and be able to suggest appropriate mitigating controls. He/she should understand the IT processes, systems and applications within the organization and the controls implemented to strengthen systems against incidents, breaches or outages. He/she will work with the respective teams to analyze security incidents, review RCAs and suggest steps to improve the controls.
- Documentation and review of Information Security and Privacy policies and procedures, processes and FAQs
- Respond to customer risk or due diligence questionnaires
- Work with IT team on implementation and review of technical controls
- Work with business units for assessing information security needs, risks and awareness
- Perform Security Risk assessments and recommend mitigation steps
- Perform Privacy assessments as part of GDPR, EU Data Protection, HIPAA, GLBA etc.
- Execute Data Privacy projects that include subject matter and geographic scope, processing activities, third party involvement, and potential data uses
- Participate in customer or external security audits
- Perform Vendor or Third Party Assessment audits
- Manage Business Continuity program and oversee the Disaster Recovery tests
- Perform ad hoc/periodic reviews to assess the effectiveness of existing controls
- Plan and manage the access review programs for the organization, including logical and physical access
- Understand and manage vulnerability advisory mitigation across the organization
- Handle information security incidents including any data breaches
- Develop and deploy Security awareness and training programs
- Understand the latest technology and trends in the security space