IT Security & Compliance Lead
Location : Hyderabad
Experience : 5-8 years
Only Immediate Joiners.
Responsibilities
IT Security, Compliance and Administration: the Security / Compliance Analyst works in compliance with all written and approved policies, rules and regulations. This also includes the review and audit of all required data and evidence presented to both internal and external auditors. This position will play a key role in meeting and exceeding compliance with current and future IT narratives already in place. This position also includes providing security oversight and review of all security policies and adherence to those policies. The Security / Compliance Analyst will perform threat analyses and recommend adjustments to our current threat stance accordingly.
Specific Duties : (Describe the duties performed beginning with most important. For each duty, state frequency i.e. daily, weekly, or occasionally.)
Duties : Percent of Time Spent (may change as business needs dictate)
Ensure compliance with current policies : 25%
Prepare and support internal and external audits : 25%
Review security policies and ensure compliance : 25%
Prepare current threats analyses and make recommendations : 15%
Miscellaneous duties as needed to support the IT Security, Compliance and Administration group : 10%
Assignment Review and Approval of Work : (Indicate who assigns work, how instructions are provided, and who reviews and approves work when completed.)
Senior Manager of IT Security, Compliance and Administration assigns all work duties and provides general instructions.
Responsibility and Decision-Making : (Briefly specify responsibility for making decisions.)
Senior Manager of IT Security, Compliance and Administration assigns all work duties and provides general instructions. Main responsibility involves the compliance and security reviews. There is some reporting involved in this position.
Equipment and Software Operation : (How much time is spent operating equipment? Indicate the types of equipment operated. Include specific hardware and software used and product achieved through usage.)
MS Office is required, as is base knowledge of Microsoft Active Directory and SharePoint. Knowledge of most anti-virus programs is a plus, as is knowledge of security scanning programs such as Nexpose or Nessus.
Relations with Others : (What contacts are made other than immediate co-workers and supervisors?)
Position interacts with IT department personnel in relation to system issues. This person works with Business Analysts and Project Managers to schedule migrations. Interaction with the IT Helpdesk may be common.
Hardest Part of Job : (Describe the most difficult or most complex part of the job.)
Ensuring readiness for all audits and that the security stance is maintained to prevent malware intrusions.
Experience Necessary : (List minimum education or equivalent experience required to perform the job successfully; type and length of work experience, and any special courses required.)
Learning Period : (How long would it take a new employee to handle this job satisfactorily? What parts would take the longest to learn?)
Employee could perform most tasks independently within 3 months. Detailed tasks take longer to learn, requiring assistance up to 3 months. Specific system interactions, interfaces and data processing impacts require the longest learning period.
Additional Information : (List any information not previously described that would help someone better understand this job.)
Documentation is a key process that must be maintained while in this role. Candidate must act as a subject matter expert to other groups and departments. Candidate must be proficient in the use of the following software :
PATCH MANAGEMENT SERVICES
Install anti-virus, operating System and middleware Software (engine and signature file) updates according to Customer-approved security / risk patching policies and procedures.
Test anti-virus, operating System, and middleware Software updates prior to distribution according to Customer-approved security / risk patching policies and procedures.
Scan Customer Systems according to Customer-approved security / risk patching policies and procedures.
Apply critical / risk patches within four (4) hours of Customer approval as required in outbreak situations, according to Customer-approved security / risk policies and procedures.
Push anti-virus, operating System and middleware Software patches / updates to any contingency environments.
High Criticality : A vulnerability which, if exploited, may have a catastrophic or critical impact on the business if it is not mitigated through patching or other means.
Medium Criticality : A vulnerability which, if exploited, may have a significant impact on the business if it is not mitigated through patching or other means.
Low Criticality : A vulnerability which, if exploited, may have some impact on the business if it is not mitigated through patching or other means.