Job Id: 20201011026
Job Role: Cybersecurity Risk Assessor
Experience: Relevant Experience
Job Location: Bangalore
Salary: Best in Industry
Vacancies: Not Mentioned
Job Description IBM Careers Job Vacancies for Cybersecurity Risk Assessor in October 2020:
Candidate will be responsible for assessing the security capabilities of third-party products, services and solutions, including the security of the supplier environment and the integration points. The candidate will require technical expertise in leading technologies such as Cloud, Kubernetes, Containers, Data analytics or AI technologies or IoT to understand and assess new suppliers with products and solutions in these technology areas. This is not a compliance or audit function. On the other hand, this is not a security testing function.
Conduct security review of third-party products/ services to assess the security capabilities and risks to IBM / Customer data, network and IBM products/ offerings
Identify areas of improvement and analyze and provide appropriate recommendations for mitigation of the risk
Working with the appropriate business users and experts, ensure that for any identified risk that require mitigating action, including vendor disengagement/replacement, a plan is developed and executed.
Monitor and drive mitigation actions.
Partner and coordinate closely with internal stakeholders (i.e. Business units, Business Unit Information Security executives, Procurement, Internal Audit, Legal, etc.) to facilitate and assess third party relationships.
Clearly articulate the risk areas and required mitigation action to senior management of Business units, CISO and cross-functional teams
Act as a subject matter expert to assist the business in identifying and mitigating risks on their supplier relationships.
Ensure appropriate security terms are included in supplier contracts
Minimum 2 years of experience in one of the following:
Cloud application development, including working with Kubernetes, containers, dockers
Cloud infrastructure management – management of Kubernetes, containers, cloud databases and applications
Experience in development, deployment or maintenance of data analytics and AI projects
Experience in development, deployment or maintenance of IoT applications and infrastructure
Overall 8 years of experience in IT or information security domain Minimum 3 years of experience in one of the following:
Experience in security architecture and solutioning
Experience in application security management
Experience running vulnerability scans or management
Experience in Security Operations Center (SOC)
Experience in managing network security
Experience in security technologies such as Identity & Access Management, encryption, DLP, etc.
Experience evaluating third party security controls and status
Experience conducting risk assessment of problem areasRisk management experience – assessment, prioritization and remediation
Familiarity with SOC 2 Type 2 audits
ISO 27001 implementation knowledge
NIST 800-53 implementation experience
Preferred certifications :