Architect - Information Security Job in Yash Technologies

YASH Technologies, a leading enterprise business, and technology solution partner is seeking IT Information Security professionals, who thrives on challenges and desires to make a real difference in the business world. With an environment of extraordinary innovation and unprecedented growth, this is an exciting opportunity for a self-starter who enjoys working in a fast-paced, quality-oriented, and team environment.

What you should have?

• A Bachelors / Masters Degree in Computer Engineering, Information Technology or related field preferred.
• 8 -10 years of information security-related experience.
• IS certification, e.g. CISSP, C| CISO, CISM, CISA, GDPR and Cobit.
• Experience with technology infrastructure, security engineering.
• In-depth knowledge of IS Standards, e.g. ISO 27001 and of IS technologies and issues on standard platforms.
• Strong working knowledge of GRC processes and solutions such as Archer or Metric stream.
• Work experience or strong understanding of Security Operations Center (SOC), Network Operations Center (NOC) or Computer Security Incident Response Center (CSIRC).
• Strong understanding of Networking and Security technologies: SIEM, IDS /IPS, vulnerability management, endpoint protection, breach detection, and threat intelligence.
• Knowledge of various attack vectors and intrusion methodologies: DDoS, malware, phishing, brute force, APT, buffer overflow, etc.
• Experience in security frameworks such as NIST 800-61, ISO27035, SANS, etc.
• Experience with threat intelligence frameworks, such as STIX/TAXII and OpenIOC.
• Ability to architect and effectively communicate solutions to business challenges.
• Experience working in a large government or corporate enterprise environment.
• Exceptional time management and organizational skills required.
• Strong understanding and knowledge of PCI security standards and requirements.
• Demonstrated exceptional written and verbal communication skills.
• Understanding of current technology and regulatory trends in multiple areas.
• Excellent interpersonal skills and the ability to work effectively with people in a wide range of positions and levels.
• Strong risk analysis and problem-solving skills.
• Demonstrated ability to analyze security and technology control effectiveness.
• Ability to effectively prioritize and execute tasks in a high-pressure environment.

What you will do?

• Assess current/proposed systems and solutions for compliance with standards and regulations such as PCI-DSS, HIPAA, GDPR, and Sarbanes-Oxley.
• 8+ years of experience in managing IS programs including, but not limited to:

• Creating and implementing IS policies that align with business needs and devising methods to measure the effectiveness of the policies.
• Creating and implementing IS controls.
• IS compliance with external regulations.
• Aligning IS strategy with corporate governance.
• Communicating with executive leadership.
• Managing an Information Security team.
• Audit Reviews, IS Risk Assessment, Awareness & Training, Identity Access & Management, Data Protection, Incident Management, Vulnerability Assessment, secure configurations, patches management, antivirus.

• Continually develop the information security strategy in conjunction with the technology group.
• Develop and maintain information security risk assessments designed to evaluate inherent risks, controls, and residual risks.
• Effectively advocate within the business for security controls that mitigate unacceptable risks.
• Oversee security awareness activities for employees, partner integrations and customers.
• Ensure that the Yash culture maintains a commitment to security.
• Perform assessment of security controls and evaluate results relative to risk assessment.
• Develop effective information security policies and standards. Monitor compliance and work with management to ensure policies are implemented effectively.
• Consult with business unit stakeholders during projects and product development efforts. Ensure that appropriate security controls are considered.
• Monitor regulations and technology trends. Evaluate compliance and develop plans for compliance with regards to information security.
• Educate employees and act as a champion for compliance throughout the Yash.
• Establish and maintain successful external relationships with partners, customers, vendors, and regulatory agencies.
• Work closely with Information Technology professionals responsible for user security and access controls to review privileged levels of access and changes to the technology environment for risk.
• Oversee corporate-wide physical security at all YASH locations.