Telecom company
– Ensure that Information Security Requirements for the specific contract will be adhered to and maintained
– Perform periodic risk and security assessments; review and propose updates to the Information Security Requirements based on those assessments
– Maintain the personnel’s awareness of up-to-date security policies and procedures
– Maintain procedures to ensure management of security for systems under company management
– Perform periodic checks that only the authorized persons have access rights to information, systems, and facilities, and report findings
– Perform periodic review of baseline security standard for the operating systems and network devices
– Track closure of identified gaps and report compliance periodically
– Ensure that all relevant security process and procedure documents are up to date and reviewed periodically
– Perform periodic review of the contracted customer delivery against the ISO 27001 standard
– Test the security control effectiveness and identify gaps (if any)
– Assist in security exception handling process
– Provide recommendations in lieu of security exceptions, provide risk analysis, and recommend actions
General competencies:
– 4 to 7 years of experience, with at least 4 years of experience in IT
– 2 years in Security Governance, Risk and Compliance (GRC)
– Good documentation and analysis skills
– The ability to work constructively under pressure
– Ability to work both in a team as well as individually
– Knowledge sharing & collaboration skills
– Customer oriented, Service minded
– Deliver results & meet customer expectations
– Excellent communication skills, English is a must
Technical competencies:
– Good knowledge and understanding of information security
– Good understanding of ISMS (Information Security Management System), ISO 27001 standard and prior experience of conducting IT audits
– Knowledge of data privacy and GDPR
– Should be adept at conducting gap analysis & risk assessments to identify high risk areas and recommend controls to address the risk areas
– Understanding of enterprise computing environments and distributed applications, and a strong understanding of TCP/IP networks, including the security controls (technical and process) available at the respective layers
Academics and Certifications:
– Education: BE/B.Tech (Telecommunication/Computer Science)
– ISO 27001 Lead Implementer, CISA, ITIL, CISSP, and CISM certifications will be an advantage