Vulnerability Management Consultant

13+ Exp. onlyReview Projects and their technical design documents for Information security risks and advise on suitable controls and mitigations at early stages of the programFair understanding of Technology Landscape Applications Infrastructure Cloud and reviewClients information security and related threats and vulnerabilities legal and regulatoryrequirementsGood Understanding on Security Standards like ISO 270012 SOX ITGC SOC1 or SOC2DevSecOps OWASP top 10 Business Impact analysis ISO 22301 ISO 27005Assess and classify all potential business and infrastructure information risksReview and advise on information security risks of vendor offerings Newleveraging existing SAAS PAASIAAS services including integration with Client environmentConduct risk assessment on Applications Network Systems according to Client policies applicable Standards legal regulatory requirementsIdentify the risks in the Client Projects provide recommendations for remediation of identified risksTranslate Technical legal and Regulatory Compliance obligations into a cohesive collection of Security Controls and provides the respective stakeholders with the IRM requirements and its implementation methodologies Identify or design the controls for implementation based on the outcome of Risk Assessment its remediation and residual riskEnsure all the controls outlined for an applicationInfrastructure are designed effectivelyReview Vulnerability Assessment and Penetration Test scan results and recommend the risks to be remediatedReview and approve the control design of supplier and their organization technical specifications against Client security control requirementsEnsure all the risks are documented classified and tracked with appropriate action as per the IRM standardsWork with Project Managers Business Analysts Architecture and Support Team to ensure Client Information Risk Management standards are being followedTest the control effectiveness post implementation or deployment of controls and technologiesConduct Security governance with Client stakeholdersTechnologyUnderstanding of Cloud Security SAAS IAAS and PAAS and Onpremise infrastructureUnderstanding of secure application development and supportKnowledge on Network Security Data Security Practices EndPoint Security Identity andAccess ManagementKnowledge on Business Continuity Plan and Disaster RecoveryJD KeywordsSecurity Risk Assessment ISO 270012 SOX ITGC SOC1 or SOC2 DevSecOps OWASPtop 10 Security Risk Management Business Impact analysis Design Controls DataSecurity Security Policy review Business Continuity Cloud Security Network SecurityIdentity and Access Management ISO 22301 ISO 27005 Control testing ControlassessmentKnowledge and skillsProjects Stake holder Management Governance Management ReportingVery good communication skills Agile Project deliveryCloud Security controls Data Security SeInfo baselines Privacy requirementsEducation BackgroundBTech CA MBA MS Info Sec MTechIndustry CertificationsISO 27001 Lead Auditor or Lead Implementor CISA CRISC CISM CISSP.Regards,Mohammed ilyas,PH - 229-264-4024 or Text - 229-469-1455 or You can share the updated resume at Mohammed@vtekis. com