Institutional Shareholder Services
Location
Mumbai | India
Job description
This role is responsible for supporting the information security agenda for ISS. The role s primary focus is protecting the Firm s information security interests, leveraging ISS security tools and applications with a secondary focus on Information Security audit and compliance. As part of the Information Security Office, this role will work closely with technology functions to identify areas of improvement and supporting initiatives to promote information security within the organization.
Responsibilities
Gain/leverage familiarization with, and perform administration for, ISS Security Tools and Technologies such as:
Intrusion Prevention Systems - Both Network and Host-based
Internet protection and filtering
Email Protection
Endpoint anti-malware and protection
Security Information and Event Manager
Endpoint/Extended detection and response
Security Reporting and Metrics
Operational Activities
Administer SPAM protection utilities contained within the Email Gateway; configure sender and domain blacklists, maintain tracking for all reported emails.
Administer Web Gateway (Internet protection); manage whitelist modifications, reporting and metrics.
Coordinate and perform reporting and monitoring functions on the Security Information and Event Manager (SIEM) in place within the ISS enterprise.
Create security baselines for workstation, desktops, network devices and database technologies. Audit assets for adherence with the documented baselines.
Monitor security vulnerability repositories and relevant security news websites for relevant bugs and news items.
Coordinate appropriate evaluations of the local business continuity plans from a security and compliance perspective.
Monitor physical security alerts; responding and escalating as appropriate.
Monitor CCTV alerts; responding and escalating as appropriate.
Security audit and compliance
Assisting with the monitoring, maintaining and measuring of compliance with industry standards, certifications and internal controls.
Operational activities including coordinating, reporting, and monitoring functions using ISS security tools and technologies as needed.
Help maintain documentation of work processes and institutional knowledge in a centralized, web-based database.
Flexible working hours: Ability to adapt working hours to accommodate global client ecosystem as required.
Other duties as assigned to improve security posture within the Firm.
Qualifications
Good and relevant IT degree(s).
Must have at least 7-10 years of relevant Information Security/Cybersecurity experience including establishing and monitoring information security controls.
Must have CompTIA+ certification.
Certification(s) such as CISSP, CISA, CISM, Cloud+, CASP+.
Experience with Trellix, SkyHigh & Microsoft security tools.
Required to have knowledge of ISO 27001, SOC, SSAE or other compliance standards.
Desired Skills
Excellent verbal and written communication skills. Must be able to interact and coordinate work efficiently and effectively with clients and ISS personnel in locations around the globe.
Proven, strong Technical Writing capability - be prepared to provide and/or discuss samples.
Strong administrative skills, with effectiveness in developing tasks and managing time and resources to achieve target dates.
Must be a productive (and/or proactive) team player.
Strong general computer skills (Microsoft Word, Excel, PowerPoint, Outlook, etc.).
Fast learner, able to master new concepts, theories, ideas and processes with ease.
Have strong analytical, organizational, and decision-making skills.
Proven process-oriented skills.
Demonstrated troubleshooting, follow-through, and critical-thinking skills.
Have a high-level of risk intelligence and security awareness.
Job tags
Salary
