Job Description:
SECURITY COMPLIANCE

Brief description:
Manage the Information Security team
Serve as the central point of contact for InfoSec technology for the company and ensure that security is integral to strategic IT, business and technology decisions.
Assist in the definition, design and implementation of defensive, detective and preventive processes, procedures, best practices and instrumentation around the perimeter of Grand Rounds systems and related commercial offerings which are used to deliver our services.
Lead and work with the InfoSec team to design and implement information security defense architecture, solutions, tools and automation for the continuous protection of our corporate systems and information assets.
Develop a state-of-the-art training program for product engineers in best practices for security testing. Provide feedback on security components of the product design.
Help identify, define and document the system security requirements and hardening standards for the infrastructure and application stack.
Work with stakeholders to survey, identify and recommend best-fit solutions and lead their implementation where appropriate. Examples include but are not limited to: IDS/IPS, SIEM, HIDS, FIM, Vulnerability Scanners, Web Application Firewalls, Threat Monitoring and Detection.
Internally manage security assessments on our internal and customer-facing systems.
Perform security gap assessments and penetration tests, generate comprehensive reports and recommendations on the security risks and vulnerabilities. Act as the Incident Response Lead and perform security incident response and investigations in a timely manner.
Partner with the Director of Compliance & Audit and collaborate on aligning security to audit and compliance requirements.
Prepare and document relevant standard operating procedures.
Prepare security metrics for senior management.
Perform maintenance after hours and in change windows, if needed.
Participate in on-call rotation.
Qualifications:
Minimum 5 years' work experience as an Information Security Engineer, Technology Leader or Manager, preferably at companies with SaaS-based enterprise software products for the financial or healthcare industries.
Current knowledge of commercial security product and service offerings in the marketplace.
Awareness of and practice in the evaluation of cloud-based offerings such as Infrastructure as a Service and Software as a Service (IaaS and SaaS).
Demonstrated technical knowledge of tools and methods for securing Networks, Applications, Databases and OSs.
Hands-on experience in deploying and administering security tools and appliances - creating policies, tuning, log analysis, troubleshooting and diagnosing problems.
Deep experience with all the components of a complete security solution: Security Information and Event Management; Threat Monitoring, Content Filtering and Response; File Integrity Monitoring; Application Security Management; etc.
Familiarity with securing web-related technologies (Web applications, Web Services, APIs, Service Oriented Architectures).
Experience with manual or automated security assessment, vulnerability validation and/or penetration testing and security audits - SSAE16 SOC2 preferred.
Expert knowledge and prior experience with industry frameworks and standards like HIPAA, PCI DSS, SOC2, ISO27001.
Thorough understanding of the current threat and attack landscape, latest security trends and principles.
Security certifications in at least 2 of the following: CISSP, GSEC, CCSP, CEH, OCSP, CHFI, GIAC.
Excellent communication skills and ability to document and explain technical details clearly and concisely.
Ability to work cross-functionally across the Enterprise, peering with relevant SMEs and groups to position for success.
B.S. degree in Computer Science or related field or equivalent combination of professional development training and experience.

Client: Zensar