- Define and/or implement policies and procedures to ensure protection of critical infrastructure as appropriate.
- Perform security reviews, identify gaps in security architecture, and develop a security risk management plan.
- Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) on information systems.
- Participate in the Risk Governance process to provide security risks, mitigations, and input on other technical risks.
- Support necessary compliance activities (e.g., ensure that system security configuration guidelines are followed, compliance monitoring occurs).
- Continuously validate the organization against policies/guidelines/procedures/regulations/laws to ensure compliance.
- Assist in patching network vulnerabilities to ensure that information systems are safeguarded.
- Monitor and evaluate the effectiveness of the enterprise’s cybersecurity safeguards to ensure that they provide the intended level of protection.
- Conduct and/or support authorized penetration testing on enterprise network assets.
- Execute and manage risk and vulnerability assessment processes.
Required Skills & Abilities
- Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
- Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
- Knowledge of Risk Management Framework (RMF).
- Knowledge of Application Security Risks (e.g., Open Web Application Security Project Top 10 list).
- Knowledge of SIEM deployment and management throughout its lifecycle.
- Ability to perform analysis of log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system [IDS] logs) to identify possible threats to network security.
Please share your resumes in MS WORD format at firstname.lastname@example.org
Note: Please mention the position in the subject line. Only shortlisted