Greetings from SmartStream Technologies India Pvt. Ltd.!
An IT Risk Specialist is responsible for identifying, assessing, and mitigating potential risks to an organization's information technology systems and data. They ensure the security, privacy, and integrity of IT infrastructure while adhering to relevant regulatory standards and industry best practices.

- Monitor industry compliance requirements (PCI-DSS, ISO 27001, SSAE, NIST) and cyber security trends.
- Review cloud security solutions with respect to PCI and Cloud Security Attestation (CSA).
- Support the PCI Network, IT Infrastructure and Applications with security solutions that offer a SaaS OnDemand platform to card customers.

Job Responsibilities

- Develop a master control list, including clearly written failure points and testing procedures that effectively address security, risk, control, and compliance issues.
- Identify and assess risks related to IT systems, networks, and data.
- Perform risk assessments and vulnerability assessments for technology infrastructure and processes.
- Prioritize risks based on their potential impact on the business.
- Assist with documenting and regularly reviewing security policies, processes, and procedures.
- Ensure compliance with industry standards, regulatory requirements, and internal security policies.
- Conduct periodic IT security reviews and firewall configuration reviews of the PCI environment.
- Oversee the identification, investigation, and response to IT security incidents and breaches.
- Conduct post-incident analysis to determine root causes and recommend improvements.
- Review IT security controls required for cloud security, ISO 27017, ISO 27001, C5, CSA, SSAE etc.
- Perform risk assessment of the client environment and hosted SaaS offerings.
- Perform internal assessments of client IT security and compliance requirements.
- Perform ad hoc audit projects in response to emerging risks and management requests.
- Act as the primary contact between technical teams and internal and external auditors, compiling and preparing artefacts.
- Respond to customer RFPs and RFIs on PCI and Cloud security deliverables.
- Conduct relevant contract reviews regarding PCI compliance and IT security requirements.
- Partner with procurement on the 3rd party risk management program.
- Report to senior management on audit observations.

Key Skills

Equality Statement

SmartStream is an equal opportunities employer. We are committed to promoting equality of opportunity and following practices which are free from unfair and unlawful discrimination.