Terms of Reference – Associate Consultant/Consultant/Senior Consultant (IT Security)
|1||Roles And Responsibilities||1. Review of IT infrastructure, devices and software policies of OVL from IT security perspective.
2. Monitor implementation, compliance level and monitoring of policies and report to management through Head IT.
3. Participate in forums like IT security steering committee to enable review of IT security across all assets.
4. Initiating and carrying out Risk Assessment as per the Risk assessment plan.
5. Conducting periodic audits for compliance to IT Security Policy.
6. Conducting periodic information security awareness sessions for OVL users.
7. Arranging for independent information security audits / reviews and facilitate resolution of IT Security related issues.
8. Developing security incident handling procedures and monitoring security intrusions and activities and taking counter measures by coordinating with other departments.
9. Reviewing, analyzing and resolving the information security incidents.
10. Initiating and implementing corrective & preventive action for security incidents.
11. Initiating Business Continuity Planning and Disaster Recovery (BCP/DR).
12. Ensure availability of infrastructure, tools and people to implement IT security policies, disaster recovery plan etc. after clearance from Head IT.
13. Ensuring compliance to the regulatory & legal requirements in consultation with various stake holders / Legal team.
|2||Nature of Assignment (office / field)||Office|
|3||Duration of Assignment||One Year|
|4||Position||Associate Consultant/Consultant/Senior Consultant (IT Security)|
|5||Level||E5 – E7|
|6||Age Limit||64 Years|
|8||Qualification required||Graduate in Engineering / Master in Science / Master in Computer Application and atleast have one information security related professional certification like CISM, CISSP, CISA, ISMS 27000 LA etc|
|9||Experience desired||At least 3 years’ experience in managing IT Security infrastructure in an organization having various advanced security systems.|
|10||Performance evaluation process & periodicity thereof||As per policy|
|11||Reporting Authority (Name, Designation)||Will be indicated in the Engagement Letter|
|12||Honorarium admissible as per policy||Based on E-level of engagement|