Information Security Consultant - Penetration Testing

Skills & Competencies : - Subject knowledge (Information security, Cyber Security, Data Privacy) Security Analysis, Network Security , Good understanding of technology (IT certification preferred) Min. Educational Qualification : Graduation Relevant Work-experience : - 4 to 10 years of Information Security experience, 2 years min. information security in BFSI Insurance, OSCP, CEH, CISSP, CISA, CISM, ISO 27001:2013 LA Job Description : - Manage Information Security Projects, Audits, assessments etc - Perform Technology Risk Assessments for processes, technologies - Develop and review IS standards, guidelines for new technologies - Periodic audits and assessments as per Infosec calendar Be responsible for setting IS Standards, Checklist, Guidelines such as : - IS guidelines and any supporting templates; - Standards for Technology Risk Assessments (TRA) for any process / technology change or new technology sourcing - Manage internal / third party Ethical hacking / Vulnerability Assessment / - Penetration Testing, Red Team assessment activities etc. - Methodology / checklist for performing the TRA and approval matrix based on the results of the TRA - BCP / DR standards including methodology for conducting Risk Assessment (RA) and Business Impact Analysis (BIA) - Application security and Vendor risk assessment standards - IS related trainings standards including frequency for IS related trainings for employees / contractors and the IT / IS teams - Security testing baselines for conducting Vulnerability Assessment and Penetration Testing of IT systems (infrastructure and applications) including mandating the use of internal and external vendors based on asset classification - Liaising with the business teams to define the roles within each application under their purview depending upon the business requirements - Shall review the training / skill set requirements for the SOC / LAM / DLP teams - Manage Information Security Projects/assessments etc - Perform daily InfoSec operational activities like FnF Clearance, approvals etc. - Conduct or participate Cyber security drill as per the requirement - Perform daily InfoSec operational activities and Monitor, manage Information/Cyber Security Incidents - Assign detailed responsibilities and action steps to manage cyber crisis - Identify the active risks along with the threat vectors related to cyber crisis - Support response and investigation activities related to the cyber crisis - Review regulatory impact and compliance obligations - All other tasks/activities/projects etc. delegated by Chief Risk Officer (CRO) / Chief Information Security Officer (CISO) Location : Mumbai (ref:hirist.tech)

Location: mumbai, IN

Posted Date: 2/23/2025