The Info Security & Compliance Consultant specializes in the area of IT Governance, Risk, Control and IT Security. The consultant will be part of the IT GRC team supporting the client across the world. Regardless of specialization, it is important to have an understanding of and insight into all areas of IT Security. The main tasks of the consultant are as follows:
Collaborate with the Client Security team/group for streamlining any security process or procedural change in service operations. This may involve working with client and technical teams to develop new security processes or technology selection.
Report on BAU Security operations to the Information Security and Compliance Head, as well as to the client via the IT GRC tool and various committee meetings. This involves auditing and checking various security processes and technical controls to ensure they are being carried out as required.
Ensure development of the IT GRC and System Security Plan and adherence to it in procedural documents and operations.
Participate in all security compliance audits performed by internal and external teams. Remediate any security compliance audit failures together with the service operations team.
Develop and plan an internal audit calendar aligned to the client’s internal as well as external audit schedule.
Act as first point of escalation for any security incident, data breach or non-compliance. Participate in security incident and event analysis and reporting to the compliance lead for any breaches.
Facilitate in-time evidence provisioning to
• Hands-on experience in IT Security implementation and audit (such as ISO 27001)
• Experience in information technology security is a strong requirement, and the person should have hands-on experience with at least one technology (such as firewalls, Security Incident & Event Management, Intrusion Detection, etc.). Good technical understanding is essential, as the role at times requires engaging with customer and service personnel at a detailed level.
• Experience in security architecture consulting, control establishment and optimization, along with auditing security domains such as Identity & Access Management, Data Encryption, application security (VA/PT), firewall auditing, Vulnerability Management & Reporting, and Asset Management.
• Knowledgeable about NIST and CIS guidelines and various other IT Security regulations and baseline controls
• Experience with SOX, Information Security, Data Privacy and PCI requirements
• Knowledge of security and compliance testing of IT infrastructure, and exposure to an IT GRC tool such as Archer, MetricStream, etc., will be a plus.
• Experience with a SIEM tool and conducting security incident and event investigations
• Preferred Certifications: ISO 27000 LA, CISA, CISSP
• Strong analytical and reporting skills, with strong communication and presentation skills
• Ability to work with all levels of clients and internal resources
• English proficiency, both spoken and written
• Swedish proficiency, both spoken and written, is a plus
Certified Information Security Manager (CISM)