Information Security Officer
- India | Pune
- Full Time
We are looking for an Information Security Officer to join our team.
Windmill is a boutique digital product delivery company. Our team of designers, strategists and engineers love to create great experiences. We design and develop delightful and functional digital products that solve tough problems and enable new opportunities for enterprises in complex industries, such as banking & finance, healthcare, and compliance.
For more information, please check the company website at https://www.windmillsmartsolutions.com/
- Regular risk auditing and monitoring of systems.
- Compliance implementation, testing and reporting.
- Designing and testing of new IT solutions.
- Provision of business support at a high level and to a range of key stakeholders in relation to ongoing security improvements.
- Crisis management where required.
- Project management and project architecture.
- Review and analysis of delivered projects.
- Identify weaknesses and potential threats to existing information security toolsets.
- Perform continual testing on current systems to determine potential problems or security threats.
- Prepare reports for internal and external clients detailing the security issues, making recommendations and identifying solutions.
- Conduct cloud security reviews and network security assessments.
- Provide advice on hacking tools and techniques including advanced malware detection.
- Formulate an IT security incident response strategy and implement a method of notifying parties.
- Keep up to date with the latest thinking on secure coding and cyber-security issues.
- Support the business with a range of compliance requirements.
- The candidate needs to have:
- Network administration skills to test internal systems such as firewalls and IPS/IDS devices to ensure networks are safe.
- Standards related to implementing a risk management framework including COBIT, ITIL, ISO 27001/2 and NIST.
- Common Knowledge of programming languages including, C, C++, C#, Java, SQL, Python etc.
- Windows, UNIX and Linux operating systems.
- Encryption technologies, ethical hacking and penetration testing.
- Compliance skills in relation to key legislations such as the Health Insurance Portability & Accountability Act (HIPAA), The Sarbanes-Oxley (SOX) Act of 2002, Payment Card Industry (PCI), The National Institute of Standards and Technology (NIST) and The Gramm-Leach Bliley Act (GLBA) and compliance assessments.
- Ability to manage the Internet protocol suite which is the computer networking model and set of communications protocols used on the Internet including TCP and IP.
Softer skills include:
- Ability to work as part of a team but also independently and on own initiative.
- Flexible approach to tasks that may change daily.
- Analytical ability to break down problems into constituent parts.
- Solid communication skills and expertise to translate technical jargon into business familiar language.
- Proven ability to audit an IT environment and provide security and process recommendations.
- A bachelor’s degree in computer science, cyber-security or a related field including engineering, mathematics, Physics and other STEM subjects.
- Certified Information Systems Security Professional (CISSP) accreditation and/or CISA is desirable.
- Any one of the following certifications will be a definite plus.
- Systems Security Certified Practitioner (SSCP), Certified Information Security Manager certification (CISM), Certified in Risks and Information Systems Control (CRISC), Qualification in Internal Audit Leadership (QIAL) / IIA (diploma or advanced diploma)/ISO27001 (auditor or implementer), Certified Protection Professional (CPP), Offensive Security Certified Professional (OSCP), Physical Security Professional (PSP), Security+ and CSA+.
- Three to five years’ experience of working on security projects for major organisations is desirable.
- Solid understanding of security assessment and management is required.
- Security design, architecture and implementation is necessary.
- Compliance management is essential.
- Great project management and communication skills is a requirement.
- In-depth knowledge of data protection regulations and technology supporting fraud detection.
- Competitive compensation.
- Interesting tasks and challenges.
- Opportunities for enhancement.
- Friendly Environment.
- Opportunity to make a positive impact on the team.
If you’ve got the skills and experience and want to join our international team, please send your CV immediately! =)