JobNob

Your Career. Our Passion.

Specialist I - Information Security


USGT Digital


Location

Thiruvananthapuram | India


Job description

Role Proficiency:

With strong knowledge of various applicable compliance standards, independently handle internal/external compliance audits and VAPT/Red Teaming assignments. Be more involved in risk assessment and remediation. Communicate effectively with the customer to understand the requirements and convey them clearly to the team. Handle the assigned tasks with minimal supervision.

Outcomes:

  1. Should handle the assigned tasks from the allocated domain with minimal guidance from the leads. (Domain examples: BCMS, risk assessment, incident management, HITRUST, SOC, customer assurance, awareness activities, data privacy, VAPT, Red Teaming, etc.)
  2. Handle (with minimal guidance from the supervisors) internal/external compliance audits to ensure compliance with ISO 27001/ISO 22301/ISO 27701 requirements as well as process-specific requirements.
  3. Responsible for the effective documentation of internal audits (reports) and external audit documentation.
  4. Help the team with effective external audit facilitation and the related responsibilities.
  5. Point out the non-conformance areas related to information security with assistance from the supervisor.
  6. Ensure that policies are updated as and when required and eliminate the discrepancies of old policy versions.
  7. Conduct information security awareness training programs for all employees, contractors and approved system users.
  8. Evaluate IT Controls' implementation and perform Risk Assessment.
  9. Carry out technical vulnerability assessments of IT systems and processes to identify potential vulnerabilities. Make recommendations to control any risks identified and ensure that they are implemented.
  10. Collect, review and analyse the latest technologies and tools.
  11. Analyse user requirements and steps required to perform the VAPT/Red Teaming.
  12. Interact with and communicate detailed technical requirements to the team.
  13. Lead Security Assessment scoping independently based on security standards like OWASP.
  14. Lead Web Application Penetration Testing, Network Penetration Testing, Mobile Penetration Testing and Code Review independently based on the guidance from leads.
  15. Learn and understand existing and emerging security management practices.
  16. Independently handle the evidence collection from multiple teams as part of any external audits.
  17. Assist in customer assurance activities.
  18. Assist in the process automation activities.
  19. Mentor and Lead A band employees.

Measures of Outcomes:

  1. Number of internal audits and security assessments conducted per year.
  2. Number of external audit facilitation activities.
  3. Number of Threats/Risks/Vulnerabilities reported per year.
  4. Number of NCs in external audits on assigned domains.
  5. Number of areas of responsibility on cross domains.
  6. Performance of ISMS/BCMS/PIMS/QMS in the responsible centre/regions.
  7. Awareness activities conducted and the percentage of adoption in the responsible centre/regions.
  8. Noticeable initiatives taken to improve the process.
  9. Less than two stakeholder escalations.
  10. More than three appreciations from the stakeholders/supervisors.

Outputs Expected:

Documentation:
  1. Policy and procedure amendments, awareness training materials, presentation decks for internal/external discussions, audit/security assessment reports
Process:
  1. Internal ISMS audits - independently carry out audits, prepare audit reports and ensure timely closure of audit reports
  2. Compliance Audits - representation in certification audits, conduct preparatory sessions and evidence collection
  3. Risk Assessment - IT Controls' implementation and assess risks
  4. Infosec activities - training material, conducting sessions, co-ordinating with other teams for conducting trainings
  5. Customer Assurance - independently handle customer assurance requirements and evidence collection
  6. Policy - identify discrepancies in the policies and address them
  7. Vulnerability Assessment and Penetration Testing/Red Teaming Activities
  8. CM activities
  9. Executing other location responsibilities
Monitoring:
  1. Mentoring and leading A band employees
Training or certifications:
  1. 2 per year (1 certification and minimum 1 of UST trainings on ISMS domains)

Skill Examples:

  1. Ability to understand, prioritize and escalate tasks to resolve issues quickly and make decisions
  2. Able to interpret all scenarios applicable to the business for identifying the potential risks associated with various functions/services.
  3. Proficiency in Network Security Controls' implementation like IAM, IPS/IDS, E-Mail Security Controls, Cloud Security Controls, etc.
  4. Proficiency in Technical Vulnerability Assessment and Management.
  5. Strong compliance auditing knowledge.
  6. Detail-oriented, customer-oriented, result-delivery-oriented, analytical thinking
  7. Strong Excel and Dashboard skills.
  8. Excellent Presentation and communication skills
  9. Excellent verbal and written communication skills required including the ability to effectively communicate in both highly technical and non-technical environments
  10. A great problem solver with the knack of coaching others to do the same
  11. Good at working in a team and with other teams
  12. Good time management
  13. A desire for continuous learning and skill development.
  14. Self-motivated and enthusiastic

Knowledge Examples:

Additional Comments:

Access Management SME Job Description

Access Manager Engineer Job Description, Duties, and Responsibilities

UST HealthProof (UST HP) Information Security is looking to expand staffing to support their web application platform security solution based on the ForgeRock IAM platform. The staff member will work under the direction of the InfoSec IAM Director and IAM Lead Architect. Primary duties are to function as the technical lead/SME integrating and supporting the ForgeRock Access Manager solutions.

Primary Duties:

  - Working directly with various Advantasure and technical and business teams, designing and implementing IAM solutions which meet the strategic goals of UST HP and Advantasure, leveraging ForgeRock IAM Platform technologies.
  - Operational monitoring and support of the ForgeRock Access Manager 7.x solutions.
  - Web SSO integration with 3rd party applications, including on-prem and cloud native.
  - Advanced configuration of Access Manager security realms and authentication trees.
  - Contribute knowledge from the perspective of technology best practice.
  - Conduct demo knowledge sharing with teams.
  - Collaborate with IT stakeholders for communications of ForgeRock IAM capabilities.
  - Work in a DevOps Agile environment delivering best-of-breed web security capabilities.
  - Participate in scrum meetings to give feedback on sprint achievement, as well as to set sprint goals and relay new user stories.
  - Manage and develop the product backlog, as well as the user stories backlog for implementation.
  - Conduct backlog grooming meetings with a team of product owners.
  - Highlight product features in a manner clearly understandable to the development team and QA.
  - Integrate ForgeRock AM with various authentication backends such as Active Directory, LDAP or other.
  - Ability to configure various authentication schemes including, but not limited to, header, SAML, OAuth, etc.
  - Ability to design and implement authentication trees for custom use cases for registration, MFA, etc.
  - Work collaboratively with other IAM team members supporting ForgeRock IAG, IG, AM and LDAP.

Qualifications:

  - Bachelor's degree in software engineering, information security or related discipline.
  - Minimum of 2 years of dedicated experience in ForgeRock Access Manager and supporting technologies:
      - Access Manager (formerly OpenAM)
      - Directory Services (formerly OpenDJ)
      - Identity Gateway (formerly OpenIG)
  - Strong knowledge of and background in header, SAML, OAuth, OIDC and JWT authentication schemes.
  - Minimum of 1 year of experience with ForgeRock Identity Manager.
  - 5+ years of relevant work experience in information technology.
  - Experience with Identity Access Management, including a strong background with ForgeRock platform technologies.
  - Knowledge of one or more of the following operating system environments: Microsoft Windows Server and Red Hat Linux ES.
  - Familiarity with APIs, web services (RESTful and SOAP), and SOA (Service Oriented Architecture).
  - Familiarity with Internet Information Server (IIS).
  - Proficiency with Apache Tomcat.
  - Strong relationship experience managing stakeholders to drive cross-functional programs, with a proven track record of delivering results through influence.
  - Ability to provide strategic guidance and direction, and strong judgment, especially relevant in balancing long-term strategic investments with near-term business goals.
  - Exceptional written, verbal, and interpersonal communication skills.
  - Positive, proactive, and able to always exercise judgment.
  - Ability to work in highly ambiguous environments.
  - Ability to work effectively with a variety of organizations, management levels, cultures, and personalities.
  - Self-motivated and able to work under minimum supervision.
  - Demonstrated ability to work independently or collaboratively.

