Maximus Global Consultants
Mumbai, Maharashtra, India
Responsible and accountable for managing risks in the organization related to Information Security.
Ensuring compliance with internal policies and procedures.
Maintaining and updating the threat landscape for the organisation on a regular basis including staying up to date about the latest security threat environment and related technology developments.
Establishing a cyber-security program and managing the various Group security policies.
Developing and implementing a security architecture for the organisation by leveraging technology and understanding of threat landscape.
Establishing and reviewing the Risk Assessment methodology and selection of appropriate controls for risk mitigation by leveraging technology and an understanding of the threat landscape in the organisation.
Ensuring Compliance to regulatory requirements. Interacting with regulatory bodies and external agencies that could be of help to maintain information security for the organization.
Ensuring that the following activities are carried out at regular intervals, either directly or through the deployment of subject matter experts:
Vulnerability Assessment & Penetration Testing (VAPT) of all websites, portals and IT systems, on a quarterly basis at a minimum
Web Application Security Assessment (WASA), Software Development Lifecycle (SDLC) Audit and periodic Code Reviews to ensure that applications continue to be secure
Information Security Audit of IT Systems and controls, including site audits as appropriate.
Log review, analysis and exception reporting
Periodic assessment / audits of third party service providers to assess risks to your organisation
Ensuring that the IT infrastructure deployed for online operations is kept up to date as per policy and is always under maintenance and technical support so that security patches and bug fixes are regularly applied to protect the infrastructure from vulnerabilities.
Developing and implementing scenario-based Incident Response plans to deal with cyber crises, contingencies and disasters, attacks on IT systems, etc. This should include incident containment, assessment, root cause analysis, mitigation / prevention, continuous monitoring, forensics and reporting as required.
Coordination with stakeholders in all matters related to internal and external security.
Coordinating all matters related to security internally and externally while providing regular reports to the head of the organisation covering the following aspects.
Ludhiana, Punjab, India
ROLES AND DELIVERABLES
IT Security Planning and Standards
Responsible for the future planning and strategy for IT Security across the enterprise
Works closely with the CIO and IT Infrastructure Head in the evaluation and selection of security technologies, systems and services
Develops IT security standards and facilitates best practices for IT Security across the enterprise
Present IT security policies, new emerging threats, incident summaries, etc. to CIO as necessary
Develops and maintains a program to improve end user awareness of security issues
Conducts regular vulnerability scans (minimum quarterly) and annual penetration testing of the environment
Liaises with and offers strategic direction to related governance functions (such as Physical Security/Facilities, Risk Management, IT, HR, Legal and Compliance) plus senior and middle managers throughout the organization as necessary, on information security matters such as routine security activities plus emerging security risks and control technologies
Security Software Management
Prime contact for all Software Security Services provided to Trident, including Network Intrusion Detection, Security Information and Event Management, and is the escalation point for operational policy issues covering antivirus, web filtering and firewall administration.
Interfaces with the vendors to review security risks affecting Trident and operational activities in the security space
Keeps abreast of security events, issues and services in the wider market, and advises the organization on security issues affecting Hess in a timely and effective manner
Analysis on qualitative and quantitative Risk Approach i.e. Risk Assessment of all assets across group along with Risk Treatment Plan.
Coordinates compliance and auditing activities and facilitates migration of non-compliant environments to compliant environments
Key Performance areas
Business continuity server and data redundancy
Process adherence for minimizing security risks
ROI of IT Investments
Number of business IT projects (improvement)
Skills and Qualification-
Information security management qualifications such as CISA, CISSP or CISM
Education: UG - BCA - Computers, B.Tech/B.E. - Any Specialization; PG - M.Tech - Computers, Electronics/Telecommunication, MBA/PGDM - Any Specialization, MCA - Computers
Futurestep Recruitment Services Private Limited
Hyderabad, Telangana, India
Capabilities & Requirements:
Develop and support highly automated, reliable and available IAM solutions
Develop and support Identity Management system
Develop and Support SSO Federation (SAML/OAuth/OpenID-Connect) solutions for internal applications and externally-hosted SaaS applications
Support PKI solutions for internal applications, devices, and systems and manage PKI systems.
Implement and support Privileged Access Management solution using Thycotic Secret Server
Understand existing authentication and federation ecosystems and support the environment
Work on defects and bugs to improve user interaction with IAM systems
Coordinate with onshore team to understand requirements and tasks
Provide daily and weekly status to onshore team
Leverage system analytics and gather usage metrics to process and deliver enhancement requests
Provide advanced troubleshooting, participate in on-call rotation, and develop solutions and processes to reduce off hours support calls
Provide Scripting expertise to automate critical manual processes.
Monitor, support, troubleshoot and resolve problems with the IAM/PAM service and related incidents.
Provide Administration support for all the IAM tools
Document solutions and root cause analysis in company knowledge base
Resolve issues reported via tickets/requests
Perform QA testing on new solutions
Maintain version control of files
Prepare and update run books for service desk for new IAM catalog items.
Monitor production servers and processes
Experience in any of the Identity Management tools - SailPoint IdentityIQ (Preferred) or Sun Identity Manager (Oracle Waveset)
Strong development skills using Java, J2EE and BeanShell, REST Web Services
Experience in any of the Single Sign-On tools like PingFederate (Preferred) or Tivoli Access Manager (Preferred)
Experience in any PKI infrastructure - PrimeKey PKI (Preferred)
Experience in any of the Privileged Identity Management tools - Thycotic Secret Server, CyberArk, etc.
Proven experience managing and deploying PKI infrastructure including managing CAs, SCEP for cert enrollment, CMP (Certificate Management Protocol) for automation
Experience with certificate management functions such as Registration Authorities (RAs), CRLs, HSMs and OCSP, to deploy complex PKI systems with other technologies
Experience with integrating using Kerberos, OAuth, OpenID Connect
Understanding of Kerberos, Web Services, Wireless Networks, AD, LDAP, MFA technologies
Experience in Multi-Factor Authentication (MFA) soft/hard token solutions, OTP, PKI/Certificates, Web Servers (Apache, Tomcat, WebLogic, JBoss, IIS)
Experience in Custom Connector and workflow development
Experience in Active Directory and LDAP integration through IDM
Experience in Windows PowerShell development
Knowledge of application servers like Tomcat or JBoss
Knowledge of Database like Oracle, MS SQL Server or MySQL
Technical proficiency with technologies like PKI, 802.1X/EAP-TLS authentication protocols
Knowledge of SDLC methods
Strong communication and interpersonal skills
Experience in implementing enhanced security for elevated accounts in Active Directory.
Experience in working with UNIX based servers
Experience working on large, cross functional, globally distributed and complex projects
Ability to communicate ideas effectively to team members
Nice to have: Security certifications: CISSP, CISM, CISA, CEH, etc. preferred
REQUIRED EXPERIENCE AND EDUCATION:
3+ years experience in Information Security
4+ years experience in developing and administering Identity Management tools such as SailPoint (preferred), Oracle Waveset, etc.
4+ years experience in managing Single Sign-On (SSO) environments, SSO Federation (SAML) both as an IDP and SP
2+ years experience in developing and administering Privileged Identity and Access Management tools such as Thycotic Secret Server (preferred), CyberArk, etc.
2+ years experience in managing PKI environments
3+ years of development skills (.NET, Java, Web services, scripting)
Sidjobs Consultancy Private Limited
Mumbai, Maharashtra, India
Cyber Security professional service delivery & program management
Supervise, guide & drive delivery of assurance & consulting, security solution design
Provide inputs & response to Cyber Security RFP/ proposals
Desired Candidate Profile
UG: B.Tech/B.E. - Any Specialization
PG: MCA - Computers, M.Tech - Any Specialization, MBA/PGDM
Doctorate: Doctorate Not Required