• Security Compliance Monitoring Specialist

Industry IT
Location Karnataka Bangalore
Experience Range 3 - 6 Years
Qualification any
Not active

Functional IT Software-Other
Job Description
About Us
“Quess IT Staffing is India’s largest IT staffing company with over 20 years of experience in staffing IT professionals in 300+ companies across levels and skillsets. Our 10,000+ associates deployed in 80+ cities and towns are proficient in over 500 technological skills. Our associates help enable cutting edge solutions for some of the biggest names across industries. Quess IT Staffing is a division of Quess Corp Limited, India’s leading business services provider and largest domestic private sector employer. Quess Corp Limited is - ‘A Great Place to Work’ certified – a testament to our excellent culture, people, and processes.”
About Company
https://itstaffing.quesscorp.com/
Roles and Responsibility
  • Job Description

    Exp- 3 to 6 years

    Notice- 15 days to Immediate


    "Security Compliance Monitoring Specialist

    Deliverables / Expectation

    Monitor, assess, validate, and report security compliance status based on defined policies and standards. Track and report the status of the compliance levels and enforce the deployment of expected controls.

    Tasks to be performed under this contract:

    a) Support compliance / monitoring related projects;

    b) Deploy regular assessment / validation of controls against ICT policies and standards;

    c) Provide advisory to support decision-making activities related to control deployment;

    d) Maintain cloud-based security solutions such as the Microsoft Threat, Security and Compliance Solutions suite;

    e) Manage KPI / metrics definition and evaluation about security compliance, including the follow-up remediation actions;

    f) Ensure the organizational exposure level reported by the Microsoft Defender for Endpoint solution is at an acceptable level;

    g) Monitor activities of third-party providers and ensure the highest level of compliance / customer service based on contract agreements;

    h) Lead technical implementation/deployment of new solutions, products, and/or services through project management principles, and provide the project's documentation;

    i) Provide technical support to business/system and technology owners to propose mitigation and remediation solutions to identified issues/security incidents;

    j) Review ICT architectures and implementation details for design flaws, incorrect security implementation, and missing security controls;

    k) Participate in and execute security and risk assessments and evaluations of existing on-prem and/or cloud-based environments;

    l) Conduct Microsoft 365 Compliance Manager's Risk assessments (MS Purview);

    m) Document and report on processes and procedures; additionally, provide advisory and/or create security policies based on international standards and regulations;

    n) Responsible for composing essential project documentation (concept notes, workplan, roadmap, project closure report, RFP definition, periodic project progress reporting);

    o) Perform such other duties as may be assigned by the direct supervisor.

    Performance indicators for the evaluation of results

    a) Deliver project documentation requested by the direct supervisor during the agreed months, including advances of regular tasks such as:

    a. plan, design, and implement security controls;

    b. monitor, assess, validate and generate reports related to deployed controls, findings, gaps, compliance levels and identified risks;

    c. follow up and enforce the deployment of missing controls based on defined policies and standards;

    b) During the agreed months, perform the needed operations and execution of the related tools, processes, and controls related to the Information Security Unit Work Plan and Roadmap.

    Education, Experience, and/or skills required

    Education

    • University degree in Computer Sciences, Engineering or relevant field from an accredited academic institution with 4 years of relevant professional experience;
    • Cloud computing certifications at the associate/professional/specialty level from Azure, M365, and/or AWS are a distinct advantage;
    • ITIL and Prince2 Foundation are advantages;
    • Other Network and Computer industry certifications would be an advantage.

    Experience

    • 3+ years of experience with assessment, validation and reporting using solutions such as Power BI / Power BI Builder / Power Automate;
    • 3+ years of Information Security / Cybersecurity / Compliance / Audit experience, working with on-prem and cloud-based security solutions (e.g., Microsoft Threat Protection suite, AWS Security Solutions, Zscaler, Intune);
    • 2+ years of relevant security analysis and reporting work experience (security consulting).

    Skills

    • Strong knowledge and experience in Microsoft Azure, Microsoft Active Directory, Microsoft Azure Active Directory;
    • Demonstrated technical skill in infrastructure architecture, application, data security, and cloud computing with emphasis on Microsoft Azure, M365, and AWS;
    • Demonstrated ability to analyze system services, operating systems, networks, and applications from a security perspective and discover security issues that appear under new threat scenarios;
    • Strong knowledge of compliance, controls deployment;
    • Strong knowledge of reporting tools (e.g., MS Excel, Power BI, Power BI Report Builder);
    • In-depth and advanced knowledge of TCP/IP protocol, WAN and LAN technologies, Virtual Private Networks and network management, security and documentation, including network brands such as Cisco, Kemp, Fortinet;
    • In-depth understanding of Microsoft based networks including Windows Server, Microsoft Exchange Online, DNS, DHCP, and other Windows network technologies (cloud and on-prem);
    • In-depth understanding of Microsoft based security solutions: Azure Defender, Microsoft 365 Defender, Security Center, Azure Defender, Azure Sentinel, Insider Risk Management / DLP policies, Defender for IoT;
    • Knowledge of incident, request, change, and configuration management as applied to IT Service Management. Foundation level certification in ITIL is highly desired.
    • Strong level familiarity with Cyber Security Regulatory Compliance bodies such as ISO 27001, NIST 800-53, and CIS Controls.

    Work Schedule: 8:00am to 5:00pm Geneva Time

    Service Duration: 12 months"