Senior IT & Security Analyst

Responsibilities : 1. Protecting the Company Digital Landscape : - Design and implement comprehensive security programs and cybersecurity strategy for networks, servers, and applications aligned with the organization & overall business objectives. - Secure cloud environments (AWS, GCP, M365 and other IAAS, SAAS) and manage cloud-related security risks. - Own and conduct regular vulnerability assessments and penetration testing to identify and address weaknesses on network, servers on cloud, cloud environment and oversee the remediation process. - Manage endpoint security solutions (like Microsoft Defender EDR with ATP) and ensure optimal performance of security tools and technologies. - Stay up to date on the latest security threats and best practices to continuously improve security posture. 2. Building a Culture of Security Awareness : - Develop and maintain security policies, procedures, SOP's and training programs to educate employees. - Collaborate with stakeholders to define and implement effective security measures aligned with industry standards and regulations. - Collaborate with other teams to ensure alignments with overall security strategy. 3. Ensuring Incident Preparedness and Response : - Lead incident response activities, including investigation, analysis, and resolution of security incidents. - Perform risk assessments to evaluate potential security threats and vulnerabilities impacting company systems. - Manage and drive root cause analysis to identify and address the underlying causes of security incidents. 4. Maintaining Compliance and Best Practices : - Drive ISO 27001 certification and ongoing compliance. - Develop and maintain (ISMS) Framework such as ISO 27001, CIS, NIST, PIA etc. - Conduct regular internal and external audits to assess ISMS effectiveness. - Manage and prioritize corrective actions to address identified non-conformities. - Contribute to developing and maintaining security metrics and KPIs to measure the effectiveness of security controls and processes. - Continuously monitor and update security policies and procedures based on best practices and industry benchmarks. - Establish and maintain a robust monitoring program for security systems and infrastructure. - Implement key performance indicators (KPIs) to measure the effectiveness of security controls. - Analyze security logs and alerts to identify potential threats and incidents. Experience and Education Requirements : - Bachelor's degree in computer science, Information Security, or a related field. With Minimum 10 years of experience in Information and Cyber security. - Deep understanding of cybersecurity frameworks and standards (e.g., NIST, ISO 27001, GDPR, HIPAA, PHI, Data Privacy etc). - Strong knowledge of cybersecurity technologies, including firewalls, intrusion detection systems, encryption, data loss prevention, and other relevant VAPT tools. - Excellent problem-solving, decision-making and documentation skills. - Ability to communicate complex technical information to both technical and non-technical audiences. - Skills : Professional certifications such as CEH, ISO27001, ISMS, CISM or related certifications are preferred (ref:hirist.tech)

Location: noida, IN

Posted Date: 11/24/2024