Lead/Sr. Security Engineer - Info Audit Support
First Advantage
Bangalore, Karnataka, India
6d ago

What You'll Do

Focuses on risk and control functions response activity in support of the client risk management and audit program. Provides back-office support to the Sr. Manager, Third Party and Customer Assurance, to improve audit and assessment processes. Works under general supervision and performs work of moderate to complex difficulty, coordinating and responding to client security assessments and third-party compliance assessments; takes the lead in collating the supporting evidence for responses to client InfoSec questionnaires and closes the assessments on time.

Will additionally manage and train the existing team and any new recruits under this team.

Responsibilities:

  • Actively collates responses to the third party / client assessment and / or risk questionnaire management program
  • Develop and report on key risk metrics for the third-party / client risk management program for tracking the same in Archer.
  • Participates and collaborates in InfoSec team risk assurance projects internally and contributes ideas to improve the client risk management program.
  • Provides continuous input on client risk assessment response TAT and remediation tracking.
  • Performs basic RCA based on client risk assessment audit findings and reports to the manager for remediation tracking in Archer.
  • Recommends modifications and changes, if any, to the current client / third-party risk management process and benchmarks it against evolving global best practices, including where suppliers may service us from cloud platforms.
  • Strive for continuous risk improvement from a client risk perspective to our operations.
  • Ability to evaluate risk implications inherent in new or changing third party relationships as part of the risk questionnaire responses shared.
  • Understanding of General IT technology / Infrastructure concepts (design, development, UAT, licensing, hosting, etc.) and cloud security.
  • Actively collates responses to, and performs quality checks on, the third party / client assessment and / or risk questionnaire management program managed by this team.
  • Subject matter expertise in supporting InfoSec questionnaire responses and demonstrating the evidence for the corresponding control objectives to clients / external auditors.
  • Hosts and responds to external audits following the ISMS ISO 27001:2013 audit framework domains and controls, such as Enterprise Risk Management, Business Continuity Management, Vendor Management, Compliance, and Policy controls.
  • Performs basic RCA based on client risk assessment audit findings, reports to the manager for remediation tracking in Archer, and creates dashboards.
  • Will additionally manage and train the existing team and any new recruits under this team.
  • Working closely with internal business owners to resolve any risk mitigation issues responded for the findings.

What You May Need to be Successful

  • Total 7-8 years of experience in information security or operations Risk Management
  • 3+ years of IT audit experience, both internal and external, with at minimum ISO 27001 Lead Auditor certification; other security certifications such as ITIL, CISA, CISM and CISSP are also preferred
  • Understanding of IT and Security Risk as it relates to Client’s Risk Management highly preferred
  • Ability to evaluate risk implications inherent in new or changing third party relationships
  • Good understanding of Enterprise Risk models and frameworks like ISO27001 / NIST / COBIT / PCI-DSS.
  • Experience working with a diverse range of data sources / streams and managing these effectively
  • Excellent analytical, decision-making and problem-solving skills
  • Ability to develop partnership-oriented relationships with other operations and support functional leaders, especially as it relates to third party / client risk management.
  • Excellent verbal and written communication skills to technical and non-technical audiences of various levels within FADV as well as to global outside parties like customer auditors
  • Ability to provide information to a wide variety of audiences regardless of topic and effectively deal with issues that are confidential and sensitive in nature
  • Ability to persuade and influence others on next steps and be a team player within the global InfoSec team.
  • Must possess strong ethical standards regarding the handling of confidential information
  • Must possess good proficiency in MS Excel / Word.
  • Excellent communication and presentation skills required particularly with performing in-person or phone-based English-speaking client presentations and discussions.
  • Ability to handle cloud security related requirements of the client and the third-party suppliers
  • Experience in Archer or any GRC tools preferred

Why First Advantage is Your Next Big Career Move

First Advantage is going through a technology transformation! We are looking for experts who are excited to work with advanced technologies and provide best-in-class user experiences, drive the development and deployment of scalable solutions, and smoothly guide our agile teams and clients through meaningful changes as we continue to expand our impact.

More About Our Values Code

  • Honor Honesty, Consistency, Responsibility : Do the right thing
  • Cultivate an environment of dignity : Show respect for the individual
  • Take an Outside-In approach : Put the client first
  • Think out-of-the-box : Innovate and create
  • Stay Team-Oriented : Collaborate and appreciate each other