DigiFocal IT Solutions Pvt Ltd
Information Security Specialist - Vulnerability Management
Job Location
Maharashtra, India
Job Description
Key Responsibilities:

Security Compliance and Frameworks:
- Work with security compliance frameworks (e.g., PCI DSS, SOC 2) and participate in control testing strategies.
- Assist in coordinating PCI DSS and SOC 2 attestation activities, monitoring process owners to ensure ongoing compliance is organized, structured, accurate, and current.
- Ensure adequate and effective IT controls exist to meet current and future security compliance requirements found in local, state, federal, and international laws and regulations (e.g., PCI, SOC 2 Type 2).
- Support the review of third parties for compliance with company standards and industry regulations.

Risk Assessment and Mitigation:
- Work with a variety of stakeholders (internal and external) to understand and assess cybersecurity strengths, weaknesses, and gaps in adherence to controls.
- Develop solutions and documentation to address identified security coverage gaps.
- Review application security risk assessments for new or updated internal or third-party applications.
- Perform application and technology design reviews, requirements analysis, and risk remediation planning.
- Analyze information to derive decisions about risk acceptance and risk mitigation, and identify strategies to reduce information security risk.
- Coordinate the development, management approval, and communication of IT security risks across the company.

Policy and Procedure Development:
- Have experience drafting and communicating security policies, standards, guidelines, and procedures.
- Develop and update a centralized repository of security policies, standards, and controls aligned with corporate and regulatory requirements.

Technical Security Expertise:
- Possess cybersecurity business and systems subject matter expertise, especially in Application Security, Data Security, Data Governance, and Network Security domains.
- Have general working knowledge of security needs for operating systems, databases, applications, Web services, user devices, and networks.
- Experience with vulnerability scanning and intrusion detection techniques.
- Working knowledge of the security issues/concerns that impact enterprise environments and related technologies that can address these security concerns.
- Provide technical advice to those who install, administer, and update computer-based systems.
- Perform log reviews and possess an understanding of logs from IPS, Windows, Antivirus, HIDS, and Backup systems.

Security Program Development and Support:
- Experience developing security programs (e.g., IT Risk Assessment, Compliance, Vulnerability Management, Vendor Security).
- Proactively monitor, analyze, and provide guidance on security vulnerabilities and incidents to support remediation activities.
- Ensure the identification, tracking, prioritization, and remediation of all internal/external compliance requirements.
- Respond to RFI (Request for Information) questionnaires from clients.
- Conduct awareness training for newly joined users.

Project Leadership:
- Lead the information security aspects of business initiatives and IT projects to assist in mitigating security risks for information, business, and operational applications and systems across the company.

Other Duties:
- Perform additional duties as assigned by the Head of :
- Bachelor's degree in Information Systems, Computer Science, or equivalent combination of education, training, or work experience.
- A minimum of 2 years of relevant industry experience in information security OR 2 years in information security with an additional 2 years of industry experience in IT system audit and/or system/network administration.
- One or more of the following industry certifications or equivalent is preferred: CEH, ISO 27001 LI, PCI DSS Implementation.
- Experience with security compliance frameworks (e.g., PCI DSS, SOC 2) and control testing strategies.
- Skilled at working with a variety of stakeholders (internal and external to the organization) to understand and assess cybersecurity strengths, weaknesses, and gaps in adherence to controls, with the ability to develop solutions and documentation to address identified security coverage gaps.
- Cybersecurity business and systems subject matter expertise, especially in Application Security, Data Security, Data Governance, and Network Security domains.
- General working knowledge of security needs for operating systems, databases, applications, Web services, user devices, and networks; experience with vulnerability scanning and intrusion detection techniques.
- Working knowledge of the security issues/concerns that impact enterprise environments and related technologies that can address these security concerns, and general knowledge of IT Audit techniques.
- Experience drafting and communicating security policies, standards, guidelines, and procedures.
- Experience developing security programs (e.g., IT Risk Assessment, Compliance, Vulnerability Management, Vendor Security).
- Excellent written skills to be used in the development, review, and refinement of cybersecurity standards, SOPs, and policy, with communication skills (verbal and written) to communicate to all levels of the organization.
- Experience with log review and understanding (IPS, Windows, Antivirus, HIDS, Backup).
- Experience responding to RFI questionnaires (Client Questionnaires).
- Experience conducting awareness training.

Preferred Qualifications:
- Experience with specific security tools and technologies relevant to the domains mentioned.
- Knowledge of scripting languages for automation (Python, PowerShell).
- Familiarity with cloud security concepts and best practices (AWS, Azure, GCP).

(ref:hirist.tech)
Location: Maharashtra, IN
Posted Date: 4/15/2025
Contact Information
Contact: Human Resources, DigiFocal IT Solutions Pvt Ltd