SRC GenericSenior Associate

Position Requirements

• Security strategy and governance projects (security strategy operating model org structure etc.)

• Assessments: Maturity assessment Audit readiness planning and framework assessment cloud migration requirements business case development comparisons and vendor evaluation

• Frameworks: Design framework program objectives first/second/third line of defense vision and mission statements current state assessment and gap analysis roadmap planning and estimation for the program program governance and target operating model for NIST PCI-DSS HIPAA HITRUST ISO COBIT etc. and vendor evaluation.

• Good experience in performing Organization Standard/Policy GAP assessment and Maturity assessments with Industry best practices (NIST/ISO/.).

• Policy management (policy writing policy review policy lifecycle) projects

• Cloud architecture definition and assessment: development of cloud reference architecture target state cloud architecture definition compliance requirements migration strategies.

• Must have hands on experience and well proficient in Cybersecurity standard creation policy writing and maintenance

• Good understanding of Legal Regulatory and Privacy requirements to integrate within the Cybersecurity Program.

• Good understanding of various components of an enterprise Cybersecurity program including governance structures Risk and Threat Management key controls key processes Security architecture and Security training program

• Recommending Cybersecurity action plans for organizations to achieve their overall cybersecurity objective

• Good Knowledge and experience with GRC tools such as MetricStream Open Pages Archer and data analytics & visualization tools used in the Industry such as PowerBI Alteryx and Tableau.

• Experience in partnering with various functions within the Cybersecurity organization to capture and document the services and associated core processes work instructions and templates.

• Analyze the security posture of the organizations by assessing the design and implementation of security controls.

• Experience in Vendor risk management Outsourcing risk management Technology Risk Information Security.

• Strong understanding of Cybersecurity and Risk Control frameworks and their adoption in the Supplier management domain.

• Experience in implementing effective and innovative technology solutions.

Desired Knowledge

• Excellent written and oral communication skills can express thoughts clearly knows how to listen and is able to contribute in a team environment.

• Must communicate consistently and drive objectives relying on fact-based decisions about risk that optimize the trade-off between risk mitigation and business performance.

• Demonstrates proven extensive abilities with leveraging creative thinking and problem-solving skills individual initiative and utilizing Office 365 MS Office (Word Excel Access PowerPoint) and Google Docs.

• Ability to create domain specific training content and deliver trainings effectively

• Good presentation project management facilitation and delivery skills as well as strong analytical and problem-solving capabilities.

• Develop/implement automation solutions and capabilities that are clearly aligned to client business technology and threat posture.

• Demonstrates ability to track developments and changes in the digital business and threat environments to ensure that theyre adequately addressed in clients security strategy plans and architecture artifacts.

Professional & Educational Background

• MCA / BE / B Tech / MS (Field of Study: Computer and Information Science Information Cybersecurity Information Technology Management Information Systems).

• Certification(s) Preferred: Certified Information Systems Auditor (CISA) Certified Information Security Manager (CISM) or Certified Information Systems Security Professional (CISSP) Certified in Risk and Information Systems Control (CRISC)