Job Description:
Work-Experience:
Total 8-10 years in IT Technical role with at least 7 years’ experience in Information Security and exposure to regulatory audits and testing.
Type of Experience:
- Possess strong knowledge of IT security technologies, operating systems, databases, and network infrastructure.
- Experienced in implementing, managing, and auditing security and compliance regulations (NERC CIP, SOX, PCI DSS, GDPR, HIPAA, GLBA), standards (ISO 27001, BS 17799), and frameworks (ITIL, NIST, COBIT).
- Hands-on experience with GRC tools for building and supporting Governance, Risk, and Compliance solutions.
- Proficient in risk management, compliance assurance, and audit processes.
- Coordinate Information Security initiatives to support NERC CIP, SOX or regulatory compliance activities.
- Demonstrated success in delivering risk and compliance management services within a client-based delivery environment
Certifications
- CISSP / CISA / CISM / ISO 27001 is a must, along with other technical certification like CCNA, CCNP, CCSA etc.
Areas of Responsibility
- Develop and maintain NERC CIP compliance frameworks, policies, and procedures.
- Collaborate with internal and external stakeholders to fulfill security audit requirements and facilitate audit processes.
- Design and implement NERC CIP control testing procedures tailored to the organization’s IT environment.
- Conduct control testing for NERC CIP compliance across applications and IT infrastructure.
- Monitor and report Key Risk Indicators (KRIs), and perform root cause analysis for significant deviations.
- Continuously assess the effectiveness of existing security measures and identify areas requiring remediation.
