Flairdeck consulting
IT Security Auditor - PCI-DSS/HIPAA
Job Location
navi-mumbai, India
Job Description
Role Description: This is a full-time on-site role for an IT Security Auditor at FlairDeck located in Navi Mumbai. The IT Security Auditor will be responsible for conducting IT audits, evaluating IT controls, demonstrating analytical skills, and ensuring information security compliance.

Job Description: The Third-Party Technology Risk Management team assumes primary responsibility for overseeing the risks linked to third-party vendors and suppliers on behalf of the bank. This role necessitates close collaboration with vendor stakeholders to ensure that the bank's shared data remains safeguarded through suitable security measures. It involves mitigating data-related risks and ensuring adherence to regulatory requirements. This entails evaluating the efficacy of these measures from the standpoint of data security and privacy.

As a Third-Party Security Assessor, you will be responsible for evaluating and assessing the security practices and controls of third-party vendors who have access to sensitive data or provide services to the organization. The role is crucial in identifying and mitigating risks associated with outsourcing arrangements, ensuring compliance with regulatory requirements, and safeguarding the integrity of the Bank's data and systems. The individual in this position must stay updated on emerging technologies, secure configuration standards, and associated risks.

Key responsibilities:
- Conduct Third-Party Security Assessments: Perform comprehensive assessments of third-party vendors' security controls, policies, and procedures to identify potential vulnerabilities and risks.
- Risk Analysis: Analyze the results of security assessments to evaluate the level of risk posed by third-party engagements. Assess the impact of identified vulnerabilities on the organization's data security and operational resilience.
- Regulatory Compliance: Ensure that third-party engagements comply with relevant regulatory requirements, industry standards, and contractual obligations. Stay updated on regulatory changes and incorporate them into assessment processes.
- Documentation and Reporting: Document assessment findings, including identified vulnerabilities, risks, and recommendations for remediation. Prepare clear and concise reports to communicate assessment results to stakeholders, including senior management and regulatory bodies.
- Collaboration: Collaborate with internal stakeholders, including Business and Vendor Relationship Managers, Legal, Information Security, and Procurement teams, to facilitate the assessment process and ensure alignment with organizational objectives.
- Vendor Management: Provide guidance to Business and Vendor Relationship Managers on selecting, onboarding, and managing third-party vendors from a security perspective. Assist in establishing and maintaining vendor security requirements and standards.
- Continuous Improvement: Identify opportunities to enhance the effectiveness and efficiency of the third-party security assessment process. Implement best practices and lessons learned from previous assessments to continuously improve security posture.

Qualifications:
- Bachelor's degree in Computer Science, Information Security, or related field.
- Advanced certifications such as CISSP, CISA, or CISM are preferred.
- Proven experience in conducting security assessments and risk analysis, preferably in a financial or regulated industry.
- In-depth knowledge of information security principles, frameworks (e.g., NIST, ISO 27001), and regulatory requirements (e.g., GDPR, PCI DSS, HIPAA).
- Familiarity with third-party risk management practices, vendor assessment methodologies, and contract review processes.
- Strong analytical skills with the ability to identify and prioritize security risks based on potential impact and likelihood.
- Excellent communication skills, both written and verbal, with the ability to articulate complex technical concepts to non-technical stakeholders.
- Ability to work independently and collaboratively in a fast-paced environment, managing multiple priorities and deadlines effectively.

(ref:hirist.tech)
Location: navi-mumbai, IN
Posted Date: 12/21/2024
Contact Information
Contact: Human Resources Flairdeck consulting