Cyber Risk and TransformationAssociate

As a Associate you will be aligned to our Strategy Risk & Compliance team which is focused on helping clients with their cybersecurity risk compliance and governance efforts. You will be working as a part of the Risk & compliance team which is responsible for helping clients and organizations identify risks and create mitigation plans. youll work as part of a team of problem solvers helping to solve complex business issues from strategy to .

Position Requirements

• Assess the effectiveness of control frameworks to mitigate risks and achieve organizational goals.

• Stay updated on relevant regulations guidelines and industry best practices to minimize risk and ensure compliance.

• Recommend and implement corrective action plans to address and mitigate identified risks.

• Conduct internal security evaluations to ensure compliance with regulatory and organizational standards.

• Possess strong experience in conducting organization standard/policy gap and maturity assessments using industry best practices (NIST/ISO/PCI etc..

• Analyze the security posture of organizations by assessing the design and implementation of security controls.

• Strong understanding of cybersecurity and risk control frameworks and their application in supplier management.

• Experience in vendor risk management outsourcing risk management technology risk and information security.

• Comprehensive understanding of various components of an enterprise cybersecurity program including governance structures risk and threat management key controls key processes security architecture and security training programs.

• Recommend cybersecurity action plans to help organizations achieve their overall cybersecurity objectives.

• Handson experience and proficiency in creating writing and maintaining cybersecurity standards and policies.

• Experience partnering with various functions within the cybersecurity organization to capture and document services and associated core processes work instructions and templates.

• Perform various assessments including maturity assessments audit readiness controls design and effectiveness planning and framework assessments.

• Develop program objectives for the design framework encompassing the following elements:

• Establishment of the first second and third lines of defense.

• Formulation of clear vision and mission statements.

• Conducting current state and target state assessments.

• Planning and estimating the roadmap for the program.

• Implementing robust program governance.

• Creating target operating models for compliance standards such as NIST PCIDSS HIPAA HITRUST ISO and COBIT.

• Define and assess cloud architecture including the development of cloud reference architecture target state cloud architecture compliance requirements and migration strategies.

• Strong knowledge and experience with GRC tools such as ServiceNow MetricStream OpenPages Archer and data analytics and visualization tools like PowerBI Alteryx and Tableau.

• Proven experience in implementing effective and innovative technology solutions.

Desired Knowledge

• Excellent written and oral communication skills can express thoughts clearly knows how to listen and is able to contribute to a team environment.

• Must communicate consistently and drive objectives relying on factbased decisions about risk that optimize the tradeoff between risk mitigation and business performance.

• Demonstrates proven extensive abilities with leveraging creative thinking and problemsolving skills individual initiative and utilizing Office 365 MS Office (Word Excel Access PowerPoint) and Google Docs.

• Ability to create domain specific training content and deliver trainings effectively

• Good presentation project management facilitation and delivery skills as well as strong analytical and problemsolving capabilities.

• Develop/implement automation solutions and capabilities that are clearly aligned to client business technology and threat posture.

• Demonstrates ability to track developments and changes in the digital business and threat environments to ensure that theyre adequately addressed in clients security strategy plans and architecture artifacts.

Professional & Educational Background

• MCA / BE / B Tech / MS (Field of Study: Computer and Information Science Information Cybersecurity Information Technology Management Information Systems).

• Certification(s) Preferred: Certified Information Systems Auditor (CISA) Certified Information Security Manager (CISM) or Certified Information Systems Security Professional (CISSP) Certified in Risk and Information Systems Control (CRISC)

Additional Information

Travel Requirements: Not Applicable

• Line of Service: Advisory

• Industry: Consulting

• Must be ready to work onsite fulltime (timings will be 2 pm or sooner until 11 pm IST)

Minimum Years of Experience

1 3 years