An initiative for B.E. / B.Tech candidates by GRC Solutions (India) Private Limited @ "GRCS"

Dear sir/madam,

We take this opportunity to introduce ourselves with immense pleasure.

GRC Solutions (India) Private Limited @ “GRCS” is a Bangalore based company which offers Consultancy, Implementation, Audit and Training Services in the area of IT Governance, Information Security Management, IT Risk Management, IT Controls & Compliance Management and Business Continuity & Disaster Recovery Planning. To know more about us, please visit us at http://www.grcsipl.com !

GRCS has started an initiative based on “no profit - no loss” approach to support B.E. And B. Tech fresh candidates who are struggling for getting a right job for their career matching their qualification. This initiative will be taken only for 20 (twenty) B.E. And B. Tech candidates per location. Hence the name of this initiative is “Project T-20” (I.e. Project for a Team of 20 Information Security Research Analysts). Our current drive is for Bangalore location only. Candidates from any part of India can apply to be part of this initiative. GRCS encourages these freshers to join information security profession.

Below is an attempt to explain the different aspects of the challenges faced by these qualified techies and support offered by GRCS.

1. Current challenges for candidates:

1.1. Global market slowdown.

1.2. Unstable / unpredictable market growth.

1.3. Hiring freeze: As you may be aware of the current market situation where organization are going for hiring freeze, doing lay-offs on the name of under-performance, etc.

1.4. Cost cutting drive: Resource reduction from existing projects;

1.5. Internal hiring preferred: In many organizations, employees who are off-boarded from one project are internally hired for another project or by another division. This has caused reduction in the volume of external hiring;

1.6. Limited external hiring: Considering above circumstances, there is very few options left for external hiring and that too is for case to case basis for backfilling and other similar situations;

1.7. Restricted hiring of freshers: Considering all points mentioned above, hiring of a fresher becomes more difficult and hence, many organization are not going to academic institutions for campus hiring;

1.8. Other reasons for restricted hiring of freshers: In addition to what we have mentioned above, no organization will prefer to hire candidates with following attributes:

1.8.1. Less than 2 years of work experience;

1.8.2. Less than 60% in SSC or HSC or Degree;

1.8.3. Candidates having gaps (or year back) during academic years;

1.8.4. Candidates who spent 1 year or more without job after completion of degree;

1.8.5. Candidates who were not selected during campus recruitment;

1.8.6. Candidates who were not selected during mass off-campus or walk-in selection;

1.9. No campus recruitment in many colleges;

1.10. Poor result of campus recruitment;

1.11. Techies looking for job since more than a year: There are many B.E. And B.Tech. Students who passed out one year ago and are still looking for a job;

2. Career roadmap for such candidates:

In such situation, candidates (freshers) should grab any job (as soon as possible) which requires their academic qualification and should continue a career with same organization minimum for 2 years. During this tenure, if they want, they can prepare for interviews to understand the market trend and better options available. This approach will continue adding days and months to their work experience which is very critically required for the calculation of a person’s salary which add value to you throughout the career.

3. What GRCS provides for such candidates?

3.1. GRCS brings a great opportunity for such candidates which works on win-win philosophy.

3.2. It provides FREE TRAINING to the candidates who gets associated with GRCS;

3.3. UNLIMITED ASSIGNMENTS and project works. Candidates are encouraged to complete maximum assignments in a year;

3.4. Exposure to the information security research work;

3.5. Exposure to real-life business environment;

3.6. Excellent performers gets an opportunity to work on real-life assignments;

3.7. Free career counselling and guidance;

3.8. After six months, candidates are free to go for interviews;

3.9. GRCS will help you in preparation for interviews;

3.10. This “no profit - no loss” initiative provides a career launching pad for you. In other words, you can say that GRCS provides a bridge between you and the corporate world;

4. What are the other benefits to the candidates?

4.1. After successful completion of 6 months engagement with GRCS, candidates exhibiting excellent performance during this period will be promoted as an “IT Security Engineer” and will become a salaried employee of GRCS. Progression of candidates will be based on their performance evaluation which will be measured on the volume and quality of work done.

4.2. During research work, candidates with excellent performance may be given opportunities for execution of (or support to) real-life projects. If there is any revenue generation through such candidates, the deserving candidates shall get incentive based on their contribution and performance on the project they were engaged for.

4.3. Good utilization of time. Convert the time of your job hum into work experience. It also helps in retaining consistency and continuity of professional life and occupation.

4.4. Work experience certificate for the candidate who has worked full time with GRCS as “Information Security Research Analyst” OR “Junior Technical Consultant” as part of Project T-20;

4.5. Course completion certificate for each module completed by the candidate;

4.6. Exposure to work as an entrepreneur;

4.7. Improved confidence level before or during recruitment interview;

4.8. Increased possibility of selection during recruitment interview;

4.9. Candidates who were not selected during campus recruitment, can secure their career;

4.10. Faster management recognition through security and compliance role; and

4.11. Faster career growth.

5. Nothing is free in this world. So what it will cost to a candidate?

5.1. As it is a no profit and no loss initiative, you have to pay the running cost of Rs 12000/- which is against the expenses incurred for you during a year. This running cost comprises of expenses like office rent, electricity bill, broad band connection, etc.;

5.2. If you calculate considering the service tax, this is not even Rs 1000/- per month (which is far less than any coaching class’s tuition fee).

6. What will be the mode of payment and when it has to be paid? Is this payment refundable?

6.1. This amount is to be paid by cheque or demand draft in favour of “GRC Solutions (India) Private Limited”, Bangalore.

6.2. This payment is to be made only after the successful face to face personal interaction at GRCS office which will be conducted only for the candidate who has passed all the stages (telephonic assessment, technical assessment and group discussion) of the selection process.

6.3. In any circumstances, this payment is not refundable. Please note that, if a candidate gets a job through GRCS’s program or through his/her own efforts and he/she decides to quit his/her association with GRCS, this amount will not be refunded.

7. How a candidate will ensure that initial career investment made by them is secure and not at risk?

7.1. Candidates will get a training charges receipt against amount paid by them;

7.2. Candidates will be trained on information security modules costing more than what GRCS charges in the open market;

7.3. Course completion certificate for the module completed by the candidate;

7.4. This will give a feel of getting immediate return on your initial career investment;

7.5. Full time information security research analyst job for one year to provide you with one year of work experience in information technology security;

7.6. In addition to all above, an excellent performer who gets an opportunity to work for customers, can get this Rs 12000/- back as his/her incentive;

8. What does GRCS get out of this initiative?

8.1. Outcome of any work done by candidates will become intellectual property of GRCS;

8.2. GRCS will have ready pool of trained resources which can be utilized by GRCS and its customers for any onsite or off-shore assignments;

8.3. Set of skilled resource for remote information security controls-testing, document assessments, etc;

8.4. Enabling GRCS in providing cost effective solutions;

8.5. Enabling GRCS capability of off-shore delivery from across India;

8.6. Enabling GRCS capability of delivering any city in domestic market;

9. What are the career opportunities in Information Security Profession?

9.1. Increased no. of IT, ITES, ITSM and other related work being outsourced to India;

9.2. Increased work means increase in work for supporting IT Infrastructure (servers, databases, applications, network connectivity, network devices, etc.) and IT processes;

9.3. Increased work load will cause increased risk to information, information technology infrastructure and information processing facilities;

9.4. To manage increased risk to information and IT infrastructure, there will be increased demand of information security and risk management professionals;

9.5. This demand will create more career opportunities;

10. Career Options

10.1. Governance

10.1.1. Corporate Governance Consultant;

10.1.2. Information Security Consultant;

10.1.3. Information Security Management System Implementer;

10.1.4. Enterprise Security Solution Architect;

10.2. Risk

10.2.1. Risk Management Professional;

10.2.2. Business Continuity and Disaster Recovery Professional;

10.3. Compliance

10.3.1. IT Security Controls Testing

10.3.1.1. Application Security Professional;

10.3.1.2. Database Security Professional;

10.3.1.3. Operating System Security Professional;

10.3.1.4. Network Security Professional;

10.3.1.5. Ethical Hacker / Penetration Testing Professional / Vulnerability Assessment;

10.3.2. IT Security Audits

10.3.2.1. Information System Auditor;

10.3.2.2. Information Security Management System Auditor;

10.3.2.3. Certification Auditor (ISO27001);

10.3.2.4. Internal / Eternal Auditor;

10.3.3. IT Process Audits

10.3.3.1. ISAE 3402 (International service organization reporting standard)

10.3.3.2. SSAE 16 (Statement on Standards for Attestation Engagements No.16)

11. Which organizations hire information security professionals?

11.1. All IT & ITES Companies:

11.1.1. Indian Companies: Infosys, Wipro, TCS, Tech Mahindra, Mahindra Satyam, Patni Computers, Cognizant, Reliance Infotech, L&T Infotech, 3i-Infotech, etc.;

11.1.2. Multi-National Companies: IBM, HP, HCL, Accenture, Capgemini, Honeywell, CSC, EDS, Mphasis, etc.;

11.1.3. Call Centres & BPOs;

11.2. Big4 Consulting Firms: KPMG, PWC, E&Y, and Deloitte.

11.3. Telecom Companies: Bharti Airtel, Vodafone, Idea, Reliance, etc.

11.4. Banking & Financial Institutions: CCIL, ICICI, HDFC, IDBI, etc…

11.5. Insurance Company: LIC of India, SBI Insurance, Bajaj Allianze, Kotak Mahindra, etc.

11.6. All companies certified with ISO27001; and

11.7. All companies where information security is critical to their business.

12. What will be the responsibility of the candidates working under Project T-20?

During first six months, candidates will be working as the “Information Security Research Analyst” under the “Trainee Cadre”, where candidates are responsible to do research work for following information security domains and submit their work for evaluation:

12.1. Operating System Security – UNIX, Linux, HP Solaris, Mainframes, Windows, etc.;

12.2. Apps Security – SAP, ERP, Hyperion, etc.;

12.3. DB Security – ORACLE, SQL, DB2, Informatica, etc.;

12.4. Network Security;

12.5. Cyber Security;

12.6. Data Privacy & Security;

12.7. Cloud Computing Security;

12.8. Mobile Security;

12.9. External Audits;

12.10. Risk Assessment & Treatment Planning;

12.11. Compliance Management;

12.12. Audit Preparedness;

12.13. IT Asset Management;

12.14. Physical & Environmental Security;

12.15. Human Resource Security;

12.16. Information systems acquisition, development and maintenance

12.17. ISMS Fundamentals;

12.18. Information security incident management;

12.19. Business Continuity and Disaster Recovery Planning;

TENURE: Tenure for this role is only 6 months. Another 6 months can be given as an extension to under-performing candidates. In case there is no improvement, there will be no extension given and candidates’ engagement would be terminated.

REMUNERATION: There will be no remuneration for this role as candidates will be provided with necessary training to make them employable. During research work, candidates with excellent performance may be given opportunities for execution of (or support to) real-life projects. If there is any revenue generation through such candidates, the deserving candidates shall get incentive based on their contribution and performance on the project they were engaged for.

13. What is he progression plan for the candidates with excellent performance during first 6 months?

After successful completion of 6 months full time engagement with GRCS, candidates will be promoted to “IT Security Engineer” under the “Management Cadre”. Progression of candidates will be based on their performance evaluation which will be measured on the number of research work done and score obtained.

As an “IT Security Engineer”, a candidate’s responsibility will be as under:

13.1. Design enterprises security architecture for the information technology environment;

13.2. Conduct following for the information technology environment (Servers, Network, Applications, Databases, Data Center, etc):

13.2.1. Gap Analysis;

13.2.2. Penetration Testing (Ethical Hacking);

13.2.3. Information Technology Vulnerability Assessment;

13.2.4. Information Technology Risk Management;

13.2.5. Information Technology Business Impact Analysis;

13.3. Implementation of information security management system;

13.4. Development and implementation of information security policy and process;

13.5. Conduct Training and Awareness Programme;

13.6. Information Technology Security Process Review;

13.7. Conduct internal / external Information System Audits and Assessments;

13.8. Audit Preparedness;

13.9. Information Security Compliance Management;

13.10. Regulatory Compliance Management mandated by various government and other authorities across the globe for various industries like BFSI (Banking, Finance, Insurance and Securities); Telecommunications, Manufacturing. etc.

Candidate may have to perform some duties which may be asked by the GRCS management to support the business in addition to, or in place of, these job description and responsibilities at, and for, any time.

14. What if a candidate is interested with this initiative?

Interested candidates can apply online at http://www.grcsipl.com/careers/apply/1500/. After screening of submitted profiles, there will be a telephonic discussion to assess the communication skill of the candidate followed by a technical assessment, then assessment of presentation skill and group discussion. Offer letter will be rolled out for the candidates passing all these assessments.

If a candidate has already applied on-line at http://www.grcsipl.com/careers/apply/1500/ , they are required to send a mail confirming his/her interest towards joining Project T-20 team.

Finally, we appeal all the readers of this document to share this document with their friends and relatives who are B.E./B.Tech and possessing good communication skills.

Thank you in advance.

Team GRCS