Qualification : Degree :
Bachelors Degree, Masters Degree
CISA, CISM, ISO 27001
Requirements Gathering :
Understand functional and non-functional application security requirements.
Raise queries and seek clarification.
Use requirement gathering techniques like interviews, focus groups and facilitated workshops to collect more information security requirements and refine them.
Design & Analysis :
Translate compliance and audit requirements into design.
Identify areas that need to be validated using POC and drive it.
Conduct and facilitate idea generation techniques like brainstorming, benchmarking and alternatives generation to come up with an exhaustive and ideal design.
Create design documents (LLD, HLD, etc.).
Monitor and review installation and configuration of GRC automation products.
To enable parallel development of custom components, create a skeleton / framework that GRC Engineers will use for implementation.
Identify customization requirements and create independent design for customizations.
Conduct code review; ensure code quality and standards, and that continuous integration is done.
Clarify questions / resolve issues / concerns on time.
Seek review from peer / GRC Specialist periodically.
Highlight any potential risks to Leads and seek inputs to resolve issues identified.
Update traceability matrix for the work package developed.
Provide support on process audit activities.
Adhere to process and tools.
Follow the SCM policies set for the project.
Create unit test plan.
Review unit test cases.
Review unit test results.
Develop SDLC lifecycle artifacts based on customer SDLC process.
Change Management :
Review build and deployment instructions.
Schedule and review change requests.
Facilitate automation for build and deployment.
Facilitate building of tools / process for quick and efficient validation of application pre / post deployment (sanity checks).
Defect Management :
Analyze defects (identify dependencies between applications / components, alternate fixes, etc.).
Review defect fixes.
Ensure defect density is low, defect leakage is null, and the first-time-right metric is high.
Coaching & Facilitating :
Build, conduct and facilitate induction training.
Facilitate knowledge sharing within and among team through sessions.
Encourage team to take up domain / technical certifications.
Project Management :
Technical inputs expected for estimation.
Provide bottom up estimation for work packages.
Provide input to Security architect on dependencies between work packages.
Process Improvements and Adherence :
Identify areas where automation / improvements can be done; develop accelerators to improve efficiency and productivity.
Identify pain points / gaps in process and suggest improvements.
Knowledge Management :
Contribute towards updating knowledge assets and reviewing user manuals, online help documents, and installation manuals / scripts.
Contribute / search / reuse all types of assets from repository.
People management :
Resolve conflicts within team.
Conduct periodic 1 on 1 to provide and receive feedback.
Business Development :
Technical support required for drafting solution response.
Must Have Skills
Cyber Security & Cloud
GRC Strategy & Implementation
Employee Status : Full Time Employee
Travel : No
Job Posting : Apr 09 2021