Infosys is a global leader in next-generation digital services and consulting. We enable clients in 46 countries to navigate their digital transformation. With over three decades of experience in managing the systems and workings of global enterprises, we expertly steer our clients through their digital journey. We do it by enabling the enterprise with an AI-powered core that helps prioritize the execution of change. We also empower the business with agile digital at scale to deliver unprecedented levels of performance and customer delight. Our always-on learning agenda drives their continuous improvement through building and transferring digital skills, expertise, and ideas from our innovation ecosystem.
[...] to see how Infosys (NYSE: INFY) can help your enterprise navigate your next.
Short Description: If your passion is to build solutions that really make a difference to enterprises, the community and your world, Infosys is the right place for you.
Roles and Responsibilities:
Gather the security requirements across application and infrastructure and Prepare the requirement traceability matrix.
Work with Infosys App team and ensure that application security requirements in the application.
Work with Infra team to ensure that native and network security controls have been implemented in AWS platform.
Coordinate & engage with stake holders for incident response / investigation / break-fix
Security Governance review of HLD, SAD and other documentation in tandem with Agies9
Security Governance review of encryption design
Provide Governance in vulnerability management; Pen testing, Secure Code and Application scanning process and activities.
Provide Governance and coordinate with Infra and Application teams for Authentication/Authorization & Encryption Key Management activities
Provide Governance on business process associated to user management life cycle, access certification, workflows and role-based provisioning
Over all 10 -12 Years of Experience in Audit, Governance and Controls Review, Which Includes :
AWS Cloud Native Security Control
Good understanding on security control of AWS Cloud platform services like, AWS Directory Service, AWS Key Management System (KMS), AWS Cloud Security, review of Security Group, Network Access Control List, VPC, Firewall etc.
Good Audit Knowledge on AWS CloudTrail and CloudWatch for Audit trailing and monitoring.
Audit Knowledge of Security like RBAC, SIEM solution, OS Hardening, Intrusion detection and VA/Patch Management.
Audit Knowledge on OWASP compliance and ASD Information Security Manual Essential8 security controls.
Audit Knowledge Sound knowledge on Data Encryption, DB encryption (Postgress SQL, Mongo DB) and Application data encryption techniques.
Ability to articulate latest security controls and Patches released by AWS
Good communication and negotiation skills
Excellent planning and organization ability
Excellent time management skills and understanding the value of a baseline
Excellent troubleshooting and problem-solving abilities
Tertiary Qualification in IT / Computer Science / related discipline.
Audit, Review and Governance experience in Cloud and Information Security around:
Data Encryption (data at rest and data at motion) and Database level encryption.
Application security compliance w.r.t OWASP and Top 35 Security controls.
Review of secure design of application which includes Authentication, Data Encryption and Key management
Review of access controls like RBAC and MFA implementation for the high privilege accounts.
Privacy impact assessment using CDPP (Commonwealth Data Protection Policy)
Conducting Security Risk Assessment and Mitigation plan.
Conducting Incidence response plan and IRAP assessment.
Documentation of information security policy and standard operating procedure.
Review of security controls implemented at application and network layers.
Preferred to have any experience working in Pega Platform.
Must have experience on AWS cloud security.
Certifications such as CCNP Security (Cisco Certified Network Professional Security), CEH (Certified Ethical Hacker), CISSP (Certified Information Systems Security Professional), and GIAC Security Certifications would be an added advantage.
Audit knowledge / Exposure on Pega application
Good Knowledge on IRAP and ISM controls
Common Wealth Data protection Policy
Excellent customer interfacing skills.
Excellent written and verbal communication skills.
Strong attention to detail and outstanding analytical and Problem-solving skills.
Infosys is an equal opportunity employer and positively encourages applications from suitably qualified and eligible candidates regardless of gender or other attribute covered by equal opportunity legislation.
Please note in order to protect the interest of all parties involved in the recruitment process, Infosys does not accept any unsolicited resumes from third party vendors. In the absence of a signed agreement any submission will be deemed as non-binding and Infosys explicitly reserves the right to pursue and hire the submitted profile. All recruitment activity must be coordinated through the Talent Acquisition department. All aspects of employment at Infosys are based on merit, competence and performance. We are committed to embracing diversity and creating an inclusive environment for all employees. Infosys is proud to be an equal opportunity employer.