Dreamweavers Edutrack Pvt Ltd
the company is a leading insurance training provider in north india with training contracts with almost all life and general insurance companies.it plans to expand its footprints to other parts of the country
- Job Role - IT Assurance Officer
Job Location - Dubai
These roles and responsibilities are accomplished by IA team members by performing:
1. Information security continuous monitoring (ISCM)
Information security continuous monitoring (ISCM) is done in EGA by using:
- Security information and event management (SIEM) (Tenable Suite)
- Border & Internal IDS/IPS
- Monitor firewall Policies (AlgoSec Firewall Analyzer)
- Monitor end-point security (Nexthink)
Security information and event management (SIEM)
In EGA this goal is achieved by using Tenable solution which is comprised of three major components:
- Vulnerability Assessment done passively (PVS) and actively (Nessus)
- InfoSec Events done by a log correlation engine (Tenable LCE)
- A central monitoring and reporting console (Tenable SecurityCenter)
2. InfoSecIncidents Management
IA team is part in every major steps regarding InfoSec Incident Management as follows:
- Prepare to deal with incidents being part in process ofpreparing an incident management policy (along with Policies & Procedures Compt.), and being leading technical part of SIRT (Computer Security Incident Response Team);
- Identify and report information security incidents;
- Assess incidents and make decisions about how they are to be addressed e.g. patch things up and get back to business quickly, or collect forensic evidence even if it delays resolving the issues;
- Respond to incidents i.e. contain them, investigate them and resolve them;
- Learn the lessons - more than simply identifying the things that might have been done better, this stage involves actually making changes that improve the processes.
3. Risk Assessments
For Information Assurance team, participating in Risk Assessment process along with Risk Management & Compliance and any other parties involvedmeans providing technical input (technical and technology-related security concerns, security advisory and implementation tips, etc.), verify the closure of risksfindings (from technical point of view) and proactively advise management and Information Security functions to initiate corrective and preventive action.
4. Audit closures
Information Assurance team is responsible for testing any reported closure regarding audit follow-ups. For any audit, closure of a follow-up must be reported by the owner of non-conformity to the IT Governance.
In turn, IT Governance requires to IA team to test if the closure reported is in place, for each technical non-compliance audit report.
5. Penetration tests
In EGA Information Assurance team is responsible to define the scope and objectives for penetration testing, and for testing closure of all follow-ups pointed out by pentest report.
Pentests are conducted at least once per year by an external company in order to have unbiased opinion assured.
6. Change Management:
Involvement in Change Management & Change Configuration processes, at the initial configuration and whenever any change must be done.
7. ICT projects:
Information Assuranceis part of Project Risk Assessment team at the main phases of the project.
Company:Dreamweavers Edutrack Pvt Ltd