Expertise in cyber security frameworks such as ISO27001, NIST 800-53, NIST CSF, PCI-DSS, ISO22301, data privacy, etc.
Skilled in risk management, risk assessment and analysis, and internal audit.
Technical knowledge in security domains such as information security management and governance, systems and network security, physical and logical IT controls, application security, data security, cloud security, access controls, authentication, security protocols, etc.
Experience in conducting vendor onsite assessments.
Experience assessing cloud service providers (CSPs) will be an added advantage.
Understanding of third-party risk management concepts and exposure to third-party or outsourcing regulatory requirements.
Associate should be able to test both physical and logical IT controls and should be an SME in reviewing, identifying gaps, issue logging, monitoring and tracking for closure.