Sonsoft , Inc. is a USA based corporation duly organized under the laws of the Commonwealth of Georgia. Sonsoft Inc. is growing at a steady pace specializing in the fields of Software Development, Software Consultancy and Information Technology Enabled Services.

Wants:

Ø In-depth knowledge and understanding of information risk concepts and principles, as a means of relating business needs to security controls

Ø Knowledge of an experience in developing and documenting security controls and test plans/scripts.

Ø Experience with SOX 404, HIPPA, GLBA, PCI, foreign and domestic privacy laws.

Ø Experience with common Information security management frameworks, such as [International Organization for Standardization (ISO) 2700x and the ITIL, COBIT and National Institute of Standards and Technology (NIST) frameworks.

Ø Knowledge of the fundamentals of project management In-depth knowledge of risk assessment methods and technologies.

Ø Proficiency in performing risk, business impact, control and vulnerability assessments.

Ø Strong understanding of business applications, including ERP and financial systems, Excellent technical knowledge of mainstream operating systems [for example, Microsoft Windows and Oracle Solaris) and a wide range of security technologies, such as network security appliances, identity end access management (IAM) system, anti-malware solutions, automated policy compliance tools, and desktop security tools.

Ø Knowledge of network infrastructure. including routers. switches.

Ø firewalls, and the associated network protocols and concepts.

Ø Experience In developing, documenting and maintaining security policies, processes, procedures and standards.

Ø Audit, compliance or governance experience is required.

Musts:

Ø Bachelor's degree in Information Systems or equivalent work experience in IS auditing, governance, compliance.

Business Experience:

Ø 3 to 5 years of combined IT and security work experience with a broad range of exposure to systems analysis, applications development, database design and administration; one to two years of experience with information security.

Daily Tasks Performed:

Ø Developing a single control framework to streamline the audit process into a Singular audit.

Ø Documenting controls and test procedures surrounding privacy and financial audit assessments Reforming independent assessments of various IT systems based on the newly defined control framework, Work with various business unit managers, application teams, and team managers to obtain testing evidence and execute lest scripts.

Ø Formally document test results and communicate findings to management and auditee/group/team.

Ø Assisting with remediation activities as identified within the assessment Actively reporting on progress and keeping management informed of the current status.

Ø Review processes and Identify areas where efficiency can be gained.

Ø Assist with risk mitigation strategies and framework development as needed.

Ø Assist in other areas of the department and organization as needed based on management direction.

Description:

Responsibilities

Pivotal team member in developing a compliance framework including controls development, test scripts, conducting assessments, reporting evaluations performed, and providing metrics on the progress made Works with business units and with other risk functions to identify security requirements, using methods that may include risk and business impact assessments.

Components of this activity include but are not limited to:

Business system analysis

Communication, facilitation and consensus building Assists in the coordination and completion of information security operations documentation Works with information security leadership to develop strategies and plans to enforce security requirements and address identified risks Reports to management concerning residual risk, vulnerabilities and other security exposures, including misuse assets and noncompliance Plays an advisory role in application development or acquisition projects to assess security requirements and controls and to ensure that security controls are implemented as planned Collaborates on critical IT projects to ensure that security controls are implemented as planned Works with IT throughout the project life cycle as directed by management Works with IT department and members of the information security team to identify, select and implement technical controls Develops security processes and procedures, and supports service-level agreements (SLAB) to ensure that security controls are managed and maintained Address security administration on a normal and exception-based processing of security authorization requests Researches new compliance requirements, works with other team members to incorporate existing process to reduce risk exposure.

** U.S. citizens and those authorized to work in the U.S. are encouraged to apply. We are unable to sponsor at this time.

Note:-

1. This is a FULL TIME job oppurtunity.
2. Only US Citizen, Green Card Holder, GC-EAD, H4-EAD, L2-EAD, TN VIsa can apply.
3. No OPT-EAD & H1-B for this position.
4. Please mention your Visa Status in your email or resume.