Role Proficiency:
With strong knowledge and competence, independently carry out the assigned tasks with minimal support from supervisors.
Handle internal audits to ensure compliance with the requirements of the various applicable standards, handle VAPT / Red Teaming assignments largely independently, and take part in customer discussions to identify requirements (minimum supervision).
Handle the assigned tasks from the allocated domain with minimal guidance from the leads. (Domain examples: BCMS, Risk Assessment, Incident Management, HITRUST, SOC, Customer Assurance, Awareness activities, Data Privacy, VAPT, Red Teaming, etc.)
Independently handle internal audits (with minimal support from the leads) to ensure compliance with ISO 27001 / ISO 22301 / ISO 27701 requirements as well as process-specific requirements.
Responsible for the effective documentation of internal audits (reports) with accurate mapping to control points.
Point out the non-conforming areas and suggest measures to improve the information security posture.
Understand IT controls implementation and conduct risk assessments.
Participate with the leads in customer discussions to clearly identify and document the requirements.
Perform security assessment scoping independently, based on security standards such as OWASP.
Perform Web Application Penetration Testing, Network Penetration Testing, Mobile Penetration Testing and Code Review independently, based on guidance from the leads.
Learn and understand existing and emerging security practices with minimal guidance from the leads.
Mentor A1 and A2 band employees.
Independently handle preparatory sessions and evidence collection from all applicable teams as part of any external audits.
Independently contribute to infosec awareness activities.
Contribute to establishing a tracking and reporting strategy.
Measures of Outcomes:
Number of internal audits conducted or security assessments participated in.
Number of areas of responsibility across domains.
Number of NCs (non-conformities) in external audits.
Fewer than two stakeholder escalations.
More than two appreciations from stakeholders.
Outputs Expected:
Documentation: policy and procedure amendments, awareness training materials, presentation decks for internal / external discussions, audit / security assessment reports.
Internal ISMS audits: independently carry out audits, prepare audit reports and ensure timely closure of audit reports.
Compliance audits: representation in certification audits, conducting preparatory sessions and evidence collection.
Infosec activities: preparing training material, conducting sessions and co-ordinating with other teams for conducting trainings.
Customer assurance: assisting with customer assurance requirements and evidence collection.
Vulnerability Assessment and Penetration Testing / Red Teaming activities.
Assisting the leads in executing other location responsibilities.
Mentoring and monitoring the responsibilities of A1 and A2 band employees.
Training or certifications:
3 per year (1 certification and a minimum of 2 UST trainings related to the Information / Cyber Security domains).
Skill Examples:
Ability to understand, prioritize and escalate tasks to resolve issues quickly and make decisions.
Strong compliance auditing knowledge.
Ability to interpret all scenarios applicable to the business in order to identify the potential risks associated with the various functions / services.
Proficiency in the implementation of network security controls such as IAM, IPS / IDS, e-mail security controls, cloud security controls, etc.
Detail-oriented, customer-oriented, result-delivery-oriented, with analytical thinking.
Strong Excel and dashboard skills.
Excellent presentation and communication skills.
Excellent verbal and written communication skills, including the ability to communicate effectively in both highly technical and non-technical environments.
A great problem solver with a knack for coaching others to do the same.
Good at working in a team and with other teams.
Good time management.
A desire for continuous learning and skill development.
Self-motivated and enthusiastic.
Knowledge Examples:
Additional Comments: