INFORMATION SECURITY & RISK MANAGEMENT (NIGHT SHIFT)

Pranay Kumar Jan 11, 2021 708 0

INFORMATION SECURITY & RISK MANAGEMENT (NIGHT SHIFT)

URL to Apply- https://www.naukri.com/job-listings-information-security-risk-management-night-shift-guardian-india-operations-private-limited-chennai-gurgaon-5-to-10-years-110121006283?src=jobsearchDesk&sid=16103728578098142_4&xp=17&px=1

from 5 to 10 year(s) of Experience

Chennai, Gurgaon

Not Disclosed by Recruiter

Job Description

Roles and Responsibilities

Major Opportunities and Decisions:

Manage the IT Risk and Controls Book of Work including managing the resources and able to pivot based on resource availability and activities.
Provide leadership to the analysts and ensure proper completion of activities and manage escalation to senior leadership.
Provide solutions to IT areas to ensure proper controls are in place based on policies, regulations and best practices.
Perform the terminated worker quality assurance process, source report validation (prep for audit), spot-test manual access and investigate root cause - to help ensure controls are continuously operating effectively.
Manage remediated exceptions prior to formal retest by MAR, IA, and PwC auditors.
Educate and influence IT employees and management on internal control issues and best practices.
Leverage resources across IT and business areas as needed

Principal Accountabilities:

Accountability

Activity

SOX/MAR expanded testing support and Reporting - 50%

Expand SOX/MAR control testing to non-KFS based systems and components.
Educate platforms/systems owners on IT general Controls (Logical Security Administration, Change Management, Computer Ops, etc.)
Work with owners on remediating any gaps identified and see it through completion.
Ensure that controls are monitored and operating as appropriate
Escalate un-remediated gaps to management

Work with the Application Access Mgt team to ensure completeness of the entitlement reviews 10%

Validate Completeness and accuracy of OS and database entitlement reports (e.g., directly from sample components and reconcile to the system generated reports to ensure groups, sub groups, user and Non-unique accounts, privileges, and all servers/DB are in the reports) [AD, wintel, DB2, UDB, SQL, AIX, LINUX, ORACLE]

Monitor compliance with Guardian IT policies/GCSO - Password 10%

Through periodic inquiry and inspection of different platforms/servers/database ensure password attributes are setup according to Guardian policies.
Inspect any Fine Grain Password Policy
Ensure any default password set up is changed to comply with policies

Monitor compliance with Default/non-unique accounts controls 10%

Ensure all Default accounts are disabled or renamed (e.g. Admin).
Through inspection ensure access to all non-unique accounts that have interactive log-on capabilities are either restricted or monitored.
On a Quarterly basis, ensure completeness of MAR in-scope accounts being monitored in Splunk/Sentrigo (AD, DB, Linux, etc.)

Monitor compliance with Change management controls 10%

Ensure all system and application production changes are following Guardian Change mgt methodology
Ensure authorization, testing, and segregation of duties (access of administrator, developers and production implementors).

Monitor compliance with Data backups and restore controls 10%

Ensure all production data are backed up according to the specified schedule (daily, weekly, etc.) through inspection of scripts configuration
Ensure all alerts are setup appropriately for missed/failed backups

Skills and Knowledge:

Competencies/Skills:

Achieve Results

Take ownership & accountability for actions and results
Convey a sense of urgency
Meet deadlines without compromising quality & accuracy
Set realistic goals, prioritizes appropriately and follows through
Persists in the face of obstacles & resolves issues as they arise

Values People

Show respect for & cooperate with individuals of a variety of backgrounds
Build effective working relationships, work to include others
Acts as a team player by collaborating and working toward common goals
Handle conflict & friction effectively

Learns & Adapts

Act with confidence even when faced with challenging situations
Respond quickly & effectively to new demands, priorities or changes in direction
Change behavior & adjust tactics in order to support a changing environment
Seek opportunities to grow & develop professionally
Apply new learning & experiences to current set of responsibilities

Does the Right Thing

Lives up to commitments
Demonstrate high standards of professionalism & customer service
Holds self and others accountable for actions/decisions
Acts honestly & fairly in business practices and dealings with others

Communicates Effectively

Gets point across in both written & verbal communications
Interacts with people openly & directly
Presents ideas in a clear, concise manner
Listens willingly and openly to others
Adjusts communication style to appropriately fit the audience
Openly shares information & provides people access to knowledge & resources

Demonstrates Business Knowledge

Demonstrates knowledge necessary to do the job
Understands impact of work on other areas of the business
Keeps up-to-date with new developments & applies this information to the job
Understands how individual contribution supports broader department goals

Puts Customers First

Actively listens to what customers (end users/sponsors/stakeholders) have to say & follows through on inquiries, requests and complaints
Takes action to resolve customer problems promptly & to ensure customer satisfaction
Knows & interacts with customers; understands & anticipates their needs/priorities
User\'s feedback as an opportunity to continuously improve customer service levels

Improves & Innovates

Proactively seeks out and encourages new ideas
Challenges the status quo
Takes thoughtful risks to find better ways of doing things
Finds opportunities to enhance products & services
Adopts best practices and lessons learned from within & outside the organization

Uses Sound Judgment

Breaks down problems into manageable parts & appropriately sets priorities
Analyzes issues from multiple perspectives; seeks the opinions of others
Seeks appropriate information and input before making decisions
Recognizes broader implications before making decisions
Anticipates problems & develops alternative solutions

Education and Experience:

Education:

Minimum Bachelor\'s Degree in Business Administration, Computer Science, Information Systems Administration or an alternative technology related field

Experience:

Minimum of 6 years\' experience, preferably with 3-5 years as an IT audit manager for a Big 4 or large regional/national accounting firm
Demonstrated expertise with IT processes, controls and related standards and best practices
Expertise with some US Internal Controls frameworks: e.g. COSO, COBIT, Sarbanes-Oxley / MAR, etc.
Strong proficiency in identifying and evaluating complex business and technology risks, internal controls to mitigate risks and related opportunities for improving automated/IT controls
Excellent knowledge and experience assessing and auditing IT systems and controls; networks and operating systems and/or application support, IT General Controls and IT Application controls.
Independent, self-starter, with a strong work ethic, high degree of motivation and the ability to contribute to a positive team attitude; proven dedication to teamwork, and integrity within a professional environment

Requirements: