Job Title: Senior Consultant Information Security - ITJob Purpose: Acting in a key technical management & execution capacity to provide a conduit between IT teams and key business stakeholders thereby ensuring information technology needs are managed consistently, following professional IT and global standards, and delivered with a high quality and customer satisfaction.Reward level: Middle ManagementJob Location GurgaonExperience 7 yearsRelevant Experience 7 yearsReporting to: General ManagerQualification: Bachelor's degree in IT and relevant Information SecurityCertificationsKey Deliverables:Provide support as Lead implementor towards ISMS and PIMS policies, procedures, and guidelines and ensure to perform regular review and update.Gather evidence of continuous compliance with ISO 27001:2022 and ISO 27701:2019, DPDPA, IT Act and Cert In Regulation including audit logs, records of reviews, timely closure of open audit and risks and sharing the report with management.Conduct regular, documented information security and privacy risk assessments on Security Tools and Technologies by identifying assets, threats, vulnerabilities, likelihood, and impact.Prioritize identified vulnerabilities, detailed findings, remediation recommendations, trending reports on vulnerability posture towards closure with stakeholders.Implementation of a comprehensive, ongoing security project plan for remediation of open audit gaps.Prepare regular report on overall information security posture, GRC maturity, and risk landscape to relevant stakeholdersPerform Root Cause Analysis and lessons learned from information security incidents, actively participate in audits and support internal IT staff to perform technical assessments and controls with evidence.Key Relationships: Internal IT and business customers .Global/Local IT Vendor, market and global (HQ) colleagues,Internal staff - direct reports (where applicable)IT vendors, contractors (where applicable)Knowledge Skills and Abilities:Must have ISO 27001 Lead Implementer and ISO 27701 Lead Implementer certifications.In depth understanding of IT Act, DPDPA, Cert In regulations, CIS Controls as well as UK DPA and ISO 31000Good to have certification on CISM (Certified Information Security Manager), CISSP (Certified Information Systems Security Professional) and Cloud Security certifications (e.g., CCSK, CCSP, vendor-specific like AWS Security Specialty)Familiarity with common vulnerability scanning tools like Qualys (features, reporting, agent-based vs. network scans) and Cloud Security Posture Management (CSPM) tools like Wiz (cloud service provider configurations, misconfigurations, compliance checks in AWS, Azure, GCP).Conduct and lead IT DR drills and Tabletop exercises with internal IT teams.Hands on knowledge on common security technologies (e.g., firewalls, EDR, Cloud Security, VAPT tools, SIEM, WAF, DLP, PAM, BAS, encryption etc.,).Ability to handle and manage Endpoint, Perimeter, Cloud and Data Security technical consoles with configuration and fine tuning of policies.Understanding of various penetration testing types (e.g., network, web application, API, mobile, cloud) and methodologiesKnowledge of common attack vectors and exploitation techniques like MITREATTACK and DEFEND, NIST Cyber Security Framework.Excellent technical writing skills for creating clear, concise, and comprehensive security policies, standards, and procedures.Ability to analyse complex risk data and present actionable insights.Proficiency with GRC platforms or tools for managing policies, risks, and controlsExceptional verbal and written communication skills to articulate complex security concepts to technical and non-technical stakeholdersStrong technical skills to diagnose security issues, identify root causes, and develop effective solutions.Ability to develop and deliver engaging security training sessions and awareness campaigns to internal IT staff.Ability to stay updated with the latest security threats, vulnerabilities, technologies, and regulatory changes.mail updated resume with salary details-email: etalenthire@gmail.comsatish- 8802749743website: www.glansolutions.com
