We are looking for a Certified Information Systems Auditor (CISA) for our client based out of London, UK. The candidate will be leading a subsidiary team working as a part of the Information Security team based out of different client locations all over the world. The candidate’s primary duties will involve execution of existing vulnerability assessment plans and making adequate recommendations regarding upgrading the client’s protocol wherever necessary. You would also need to implement monitoring processes that would fix any current loopholes in the client’s security protocol.
The roles and responsibilities will include the performance of the following tasks:
- Execute the established vulnerability assessment protocols. Write detailed reports about the findings while making suggestions for improvements.
- Create training materials concerning the most recent vulnerabilities and roll out updates to all system administrators located in different offices all across the globe.
- Proactively perform system hardening tasks while creating adequate documentation for every step of the process.
- Document every security event and collect all the relevant data from these events.
- Use the information received from the security events to roll out incident management updates with sufficient documentation.
- Maintain and, if necessary, upgrade the client’s reporting metrics.
- Adhere to the client’s policies and standards and make recommendations wherever necessary.
- Be a point of contact for any security-related questions the business stakeholders might have.
- Review the project plans and software architecture to ensure that they fall within the security guidelines.
The candidate should meet the following requirements:
- Should have been working as an Information Security Auditor for at least 3 years.
- Should have the necessary CISA certification.
- Needs to be able to perform system hardening tasks across different operating systems, primarily over Linux and Windows.
- Should be an expert at handling different scanning tools such as Nessus, Qualys, Nmap, etc.
- Needs to be adept at manual pen-testing skills as well!
- Needs to be able to manage the SSL certificate requirements.
- Needs to be aware of the PCI guidelines.
- Some basic command line scripting that would help monitor security processes will be extremely helpful.
- Needs to have outstanding verbal and written communication skills.
- A degree in Computer Science or Engineering would be highly desirable.