IT Security and Governance | Scrabble & Jigsaw
Job Description
JOB SUMMARY
This position is for an IT Security role. The person in this role is primarily expected to run the IT security function independently.

KEY ROLES & RESPONSIBILITIES

IT Security policies and procedures:
Work closely with Leadership to maintain, review and update firm-wide IT security policies. Stay aware of the latest vulnerabilities, zero-day incidents and breaches in components of the organisation's technology stack, and proactively suggest policy, process and system-level controls to mitigate risks arising out of such incidents. Coordinate the continuous development, implementation and updating of security and privacy policies, standards, guidelines, baselines, processes and procedures in compliance with regulatory recommendations and industry best practices.

IT Security operations:
Run day-to-day IT security operations.

Managing and maintaining security tools:
I. Manage the set-up and configuration of control tools such as firewalls, IPS, WAF, DDoS etc. across the organisation's cloud and on-premises environment, in coordination with implementation partners.
II. Manage day-to-day operations of tools such as EDR, CASB and DLP, keep them updated, and manage exceptions proactively.
III. Actively recommend, monitor, review and update policies on all these tools.

Security incident management set-up and incident response:
I. Set up security monitoring tools to receive raw security-relevant data (e.g. login/logoff events, persistent outbound data transfers, firewall allows/denies, etc.). This includes making sure the cloud and on-premises infrastructure (servers, firewall, database, storage, DNS, email, web, Active Directory, etc.) are all sending their logs to the log management/log analytics/SIEM tool.
II. Analyze logs and alerts to find suspicious or malicious activity; investigate indicators of compromise (IOCs such as file hashes, IP addresses, domains, etc.); review and edit event correlation rules; share your findings with the threat intelligence community.
III. Front-line role: Actively monitor the system for suspicious activity and threats. Make the initial decision on the threat severity; pass more complex attacks up the chain of command.
IV. Coordinate with SOC service providers.

Managing security-related compliance activities:
I. Work with Compliance/Risk to fulfil third-party (including regulators) requirements.
II. Make sure Technology within Marcellus is fully compliant with regulatory mandates for relevant geographies.
III. BCP-DR: Responsible for Marcellus's BCP-DR strategy.
IV. Periodically review and maintain Marcellus's BCP-DR plan and policy.
V. Carry out mock BCP/DR.
VI. Define RTO/RPO for all functions.
VII. Act as the interface between compliance and tech.
VIII. Security vendor management: continuously evaluate the capabilities of existing security services, products and service providers, and actively contribute to framing SLA-driven contracts, to ensure fulfilment of the organisation's security objectives.

IT General
In this role, the candidate will also allocate time to carry out general IT tasks:
I. Maintain general IT hygiene
II. Ensure documentation is in place for all in-house developed applications
III. Help Tech and Digital with day-to-day IT support
IV. Vendor management
V. Cloud support/management

MINIMUM EXPERIENCE & PREFERRED EDUCATION: 7+ years / Bachelor of Engineering

*Marcellus is an Equal Opportunity Employer. Marcellus does not discriminate on the basis of age, race, religion, marital status, sex, gender identity, sexual orientation, non-disqualifying physical or mental disability, national origin, or any other basis covered by appropriate law. All employment is decided based on qualifications, merit, and business needs.