


ISMS Consultant Freelance

at Cyber Security Works Pvt. Ltd (Anywhere) (Published at 04-09-2018)

We are looking for an ISMS consultant for performing ISMS audit for the below scope of work.
Location: UAE
Duration: 2-3 weeks

Physical and Environmental Review
Check for inadequacy of physical and environmental controls
A visit is to be conducted at the identified locations to review the procedures followed regarding:
Visitor Handling
Physical Access Control
Security Awareness
Fire Handling Procedures
Material movement control
Implement and test security controls
Physical security zones, i.e., data centre vs. branches
Controls for environmental hazards, such as fire and flooding (halon gas, smoke alarms, raised flooring, heat sensors, etc.)
Power outages and fluctuations
Alarms, surveillance cameras, synchronized lighting, and other intruder detection devices
Backup communications
Vaults, locked cabinets, equipment and paper storage, media storage
Locks or other devices for PCs, laptops, PDAs, hand-held devices, etc.
Protected cabling, cable routing, wiring room locks, infrared or wireless equipment, and frequency emissions (both wireless and unintentional emissions from unshielded equipment)
Badges and physical ID control

Information Security Policy and Procedure Review
The purpose of this exercise is to evaluate and assess the comprehensiveness of policies and procedures against current compliance regulations, by identifying specific strengths and weaknesses and by recommending improvements to policies, standards and procedures, within and outside the network, covering employees and partners.

Information Governance
The information governance program should not replace existing information disciplines or reporting structures for those disciplines, but should establish shared governance and a culture of coordination and integration between disciplines.
Contract service provider and third-party security
Fraud control
Disaster recovery and business continuity planning/review
Reporting incidents and conducting security investigations, audit and compliance reporting
Review and amendment, and
Roles and responsibilities

Information Awareness Program Development
The awareness development program targets breaches ranging from common or basic ones to business-impacting or critical ones. Please note that the list is not limited to these and needs to be mapped to the environment and business needs.

Information Risk Assessment
The final review is to understand how vulnerable our information technology infrastructure is, based on the global best practices and standards followed, relating those best practices and standards to the People, Process and Technology framework currently running/implemented.
Evaluate the likelihood and potential damage of identified threats
Measure the individual risk level of each asset as it relates to Confidentiality, Integrity and Availability (CIA)
Gauge the effectiveness of existing controls to limit the organization’s exposure and risk
Follow standards COBIT, ISO, GLBA, PCI DSS, NIST
Frameworks including the SEC, FFIEC, NIST, SANS

The analysis should cover:
Asset Group Analysis
Threat Analysis
Control Analysis
Risk Analysis
Reporting and Report Briefing

Consultant’s Requirements/Qualification
An in-depth understanding of information security, security policies, account security policies and standards for logical and physical security implementations.
A basic knowledge of Regulatory Compliance as it affects the relevant industry.
A good understanding of the information security control measures.
A working knowledge of risk assessment as it is applied to information security.
The ability to perform, manage and run information security audits.

Certification: CISSP/CISM/CISA/ISO27001 Auditor
Experience: 5-7 years or more
Qualification: Bachelor/Graduate/Higher
Ready to work anywhere in the world
Excellent communication skills.
