This job has expired

Security Track Consultant

10-14 years
Not Specified

Job Description

JD for Security GRC
  • Providing subject matter expertise in the creation and maintenance of appropriate enterprise programs, policies, and procedures to be compliant with all applicable regulations, including ISO, CSA, NIST, SOC, HIPAA, HITRUST, PCI, and FedRAMP/FISMA; knowledge of the COBIT or COSO framework
  • Helping to interpret security, risk, and compliance controls, analysing the maturity in achieving them, and helping to report on their status.
  • Participation in and active contribution to working groups focused on security, risk, and cloud standards; able to represent and negotiate the customer's needs (in terms of maintaining agility, technical solution independence, etc.) to move towards more standardised practices
  • Ability to utilize working knowledge of information security best practices such as NIST 800 series, PCI, HITRUST, ISO 27000 series, GDPR, etc.
  • Conducting regularly scheduled audits on systems and hosting third-party audits as required to maintain certifications and compliance certificates.
  • Architecture and security management
  • Strong understanding of security best practices on securing network and enterprise cloud applications
  • Develop, plan, and deploy measurable and sustainable security enhancements which protect from cyber threats
  • Work with internal and external vendors to support facilitation of penetration and vulnerability tests
  • Driving compliance with disaster recovery, backup and restore policies and improvements
  • Contribute to audit requests internally or externally, including external industry regulatory audits
  • Support the development and maintenance of Cyber Security policies, standards, and guidelines in alignment with applicable laws, common security frameworks and leading practices.
  • Facilitate the execution and continuous improvement of third-party risk management program and processes.
  • Review and manage exceptions to Cyber Security policies.

  • Security & compliance professional with experience in IT security best practices and principles in a modern cloud-first setting, preferably with a background of hands-on experience in infrastructure and public cloud.
  • Minimum 12+ years of experience in risk management, implementing the COBIT framework, knowledge and implementation of regulations, and designing security policies, processes and procedures.
  • Experience in writing and implementing security policy and runbooks for security compliance
  • Knowledge and experience in security requirements, standards and practices including PCI DSS, HITRUST, HIPAA, NIST CSF, NIST 800-53, ISO 27001, SOC2, COBIT, GLBA, SOX, GDPR, OWASP Top 10, SANS Top 25, etc.
  • Be a strong communicator and capable of navigating multiple contributors and stakeholders.
  • Good command of written and spoken English to be able to interpret precisely worded audit and compliance statements.
  • Strong understanding of application, network, operating system, and core infrastructure security concepts.

Education and Training
  • Bachelor's degree in Information Technology, related discipline, or relevant work experience.
  • In-depth knowledge of the industry's standards and regulations, specifically SOC 2, PCI-DSS, HIPAA, HITRUST, ISO 27001, GDPR, and the COBIT framework.
  • Relevant technical security certifications (i.e., GIAC, CISSP, CISA, CISM, CRISC)

About Hexaware
