Define, Develop and review information security policies, procedures, guidelines, forms and templates as per best practices.
Assist in security Metrics and Maturity – Provide and track Dashboard / Reports as per defined parameters. (ISO MOE)
Review, Report and track Security Self-Assessment report.
Reporting, tracking and escalating Security Audit of existing Application by Third Party.
Assist and Recommend measures to ensure compliance with ISO 27001 or any such best practices.
Assist to get ISO 27001 certification by identification of risks and implementation of appropriate controls in the ISO Audit scope. Recommend practical and implementable controls based on business, process and technology requirements for ISO 27001:2013/2022.
Support post implementation and continuous audits for ISO 27001:2013/2022 and ensure compliance.
Risk assessment of activities and coordinate with stakeholders till closure signoff / risk acceptance.
Prepare, Collate and submit periodical security reports like patch management report, antivirus / anti-spam report, IPS report, security incident report, Software License Compliance Report and third party security reports on Information Security Activities to Management. Update the daily, weekly and monthly dashboards.
Conduct periodic Internal Information Security Audit of different functions within Rakuten Symphony.
Possesses certifications such as ISO27001 LA/ LI, CISSP, CISA, CISM certification (Good to have)
The key skills required are as follows:
Knowledge and Hands-on experience in ISO 27001 standards.
Experience in documenting the security policies/ procedures/ risk and controls matrix and defining KPI/ risk treatment plans/ security roadmaps.
Advice on Governance, Risk and Compliance Frameworks.
Responsible to assist team in review / implement Information Security controls in areas as mentioned, but not limited to:
Infrastructure and Network Security, configuration of security devices
Privilege/ User identity and access management
Incident management process, SLA performance and monitoring
Business Continuity Planning, IT Disaster Recovery planning, Backup and restoration process
End point protection, Antivirus management, Asset Management
Information Handling, Data Protection and data privacy (including controls with respect to GDPR/ HIPAA)
Good understanding of various tools and technologies such as IAM, , SIEM, DLP,EDR, MFA, VPN, MDM.
Responsible for conducting vendors risk assessment and providing a holistic view on risk exposure due to outsourcing
Manages day-to-day relationships at mid and lower levels.
10+ years of progressive security engineering experience with expertise in multiple
security domains such as Security Architecture, Cryptography, Network Security,
IT Infrastructure Security, Cloud Security, Mobile Security, and Web Security.
Demonstrated problem-solving skills with strong communication and a solid technical
understanding of standard methodologies in security engineering.
Experience in managing company-wide Product Security programs.
Expertise in Secure Development Lifecycle and Shift Left methodologies with a focus on Security by Design.
Proficiency in scripting languages (e.g., Python, C, C++, Java, Ruby, or
Experience in applying security engineering practices that align with security and privacy compliance requirements.
A Bachelor's Degree and Master's Degree in Computer Science or a related field (or equivalent experience).
Seniority level
Mid-Senior level
Employment type
Full-time
Job function
Information Technology and Project Management
Industries
Telecommunications and Information Services
Referrals increase your chances of interviewing at Rakuten Symphony by 2x