Job Description:
· IT Security Consultant, with overall 5+ years of professional experience with areas of expertise in Governance Risk & Compliance (GRC), Third Party Risk Management (TPRM), Information Systems Audits including ISO 27001, Data privacy, GDPR, ITGC Assessments, Control testing, Information Security, ISO 27001 Implementation, SOX and SOC 2, IT Risk assessments on application and infrastructure.
· Information Technology and Information Security Governance and Risk Compliance Implementation across various industries including Banking, Retail, Insurance, Energy, and e-commerce.
· Expertise in Vendor Management, Issue Management, Compliance Management, Policy Management, Business Continuity and Disaster Recovery & Risk management modules/solutions.
· Detailed knowledge of international regulations and best practices covering ITIL, COBIT, ISO 27000, SOX, COSO, PCI, HIPAA and NIST 800.
· Experience in core ISMS services focused on SOX, ITGC, COBIT, COSO, and ISO 27001, specialized in Governance & Compliance and Internal Audits.
· Good experience in client interaction with global leaders during requirement specifications and project implementation phases.
· Performed risk assessments based on industry standards, provided recommendations to management on the results of analysis, and worked closely with other team members to refine and enhance security controls and reduce organizational risk.
· Managing GRC and Third-Party Risk Management related engagements.
· Conducting audits to check the security posture of critical vendors.
· Performing quality checks for third party risk assessment.
· Facilitating External and Internal audits for ISO 27001.
· Identify and assess areas of significant business risk.
· Plan and evaluate IT-related technical and organizational measures.
· Managing and reporting compliance breaches and exposures.
· Conducting compliance audits by reviewing SOC 2 Type II, HITRUST, ISO 27001, and PCI DSS reports.
· Supporting various departments by collecting and coordinating internal compliance data with auditors and various departments.
· Ensuring complete, accurate, and timely audit information is reported to Management and/or Risk Committees.
Qualification
· Bachelor’s degree in computer science (B. Tech, BE, BCA, or MCA); ISO 27001:2013 LA preferred.
· Experience in Audits and Assessments preferably covering ISO 27001, SOC 2 Type 2, GDPR, Client Audit and Privacy Regulations (GDPR)
· Experience in identifying and remediating threats & vulnerabilities.