Job Description

Key Responsibilities: As a part of our Cyber strategy team, you will build and nurture positive working relationships with teams and clients with the intention to exceed client expectations.

• Develop, implement, and maintain risk and governance frameworks.

• Guide teams/Handle client information security posture, identify the gaps/risks in the existing environment and develop solutions to mitigate the identified gaps/risk.

• Recommend security solutions and enhancements aligned with business goals and threat landscape.

• Conduct security risk assessments of third-party vendors and service providers.

• Define TPRM frameworks and integrate them into the overall risk management program.

• Perform cybersecurity maturity assessments using established frameworks such as NIST CSF, NIST-800-53, ISO 27001

• Frontend teams for ISO 27001 based Information Security Management System implementation and sustenance-based projects.

• Lead risk identification, evaluation, mitigation, and monitoring activities.

• Deliver actionable insights and improvement roadmaps based on assessment results.

• Understand and evaluate application security architectures, including secure SDLC practices, threat modelling and secure coding standards.

• Plan, execute, and report on comprehensive IT and OT security audits.

• Lead teams or work as team member to conduct Information Systems audits covering IT infrastructure assets.

• Manages security and cyber strategy projects, guides the team on a day-to-day basis and ensures that assigned tasks and responsibilities are fulfilled in a timely fashion.

• Responsible to assist client in review / implement Information Security controls in areas as mentioned, but not limited to: Change management process, Incident management process, Backup process, User identity and access management, Antivirus management, SLA performance and monitoring, Media handling & Exchange of information, Physical and environmental Security, and Media & Information Handling.

• Conduct and support PCI DSS assessments and gap analysis.

• Provide guidance for remediation efforts to ensure ongoing compliance.

• Demonstrates understanding of complex business and information technology management processes.

• Ensure compliance with cybersecurity guidelines and regulations issued by RBI, SEBI, IRDA, BCAS, NCIIPC, and other relevant bodies.

• Track evolving regulatory requirements and integrate changes into the cybersecurity program.

• Understanding of cloud service models and security controls across major platforms (AWS, Google Cloud, Azure).

• Plan and execute ITGC control testing covering areas such as access management, change management, and operations controls. Identify control gaps and support remediation efforts.

• Interacts with clients, managers, and partners to build and nurture strong relationships.

• Tailors firm tools and methodologies as per client requirements.

Requirements
Desired qualifications

• B. E/ B-Tech (Tier 1/2) or master's degree in information security, Computer Science, or a related field

• Professional certifications such as CISSP, CISA, CISM, CRISC, ISO 27001 LA/LI, ISO 31000 LA/LI, ISO 22301 LA/LI, CISA, ITIL or PCI QSA are preferred.

• 3 - 5 years of relevant experience in cybersecurity consulting, risk management, and compliance.

• In-depth knowledge of security frameworks and standards (e.g., NIST, ISO 27001, COBIT).

• Strong analytical, communication, and stakeholder management skills

Skills Required