Job description
Location: Bangalore / Pune
Experience: 5-8 Years
Notice Period: Immediate to 30 Days
Type: Work from Office
Salary: 15 LPA to 20 LPA
Educational Qualification: Bachelor's degree in any stream.
We are seeking an experienced Security Risk Consultant to join our team with a strong understanding of the foundation of Risk Management, Business Continuity & Disaster Recovery Strategies, Compliance Management, and Data Privacy.
The candidate must be able to consult, engineer and apply security best practices while designing and proposing solutions to our enterprise customers. Should be able to conduct system security, vulnerability analysis and risk assessment, identify security gaps, and recommend improvement on policy, process, baseline, and frameworks. If you think you're the right one, apply now and be the change!
Knowledge and Skills Required:
- Security Compliance & Governance Service
- Policy, procedure & framework design, and implementation
- Risk Management
- Security Baselining
- Best Practice Recommendation
- Public & Private Cloud security assessment & recommendation.
- Hands-on experience with Cloud Security frameworks like CSA CCM, ISO 27017
- Hands-on experience with GRC tools (e.g., RSA Archer, MetricStream, ServiceNow GRC etc.)
- End to End knowledge and hands-on experience in Risk Management Lifecycle (Risk Identification, Risk Assessment, Risk Response, Risk & Control Monitoring & Reporting)
- Excellent understanding and hands-on experience in Business Continuity Lifecycles, Business Impact Analysis, Crisis Communication, Maturity Analysis
- Hands-on experience driving Disaster Recovery strategy and in-depth understanding of DR technology assessment.
- Exposure with Tool based BCP and DR module implementation is desired.
- Good understanding of the COBIT, NIST CSF, ISO 27001, ISO 31000, and ISO 22301 standards
- Cloud Security Trust, Assurance & Governance
- Audit Automation
- HIPAA, Data privacy (GDPR, CCPA), Data localization, Compliance Assessment
- Service Organization Control (SOC1, SOC2) Audit & Compliance
- CISO/vCISO Advisory
- Software Security Framework (e.g., BSSIM, OWASP SAMM)
- Excellent written & verbal communication and analytical skills are required.
- Good documentation skills and problem-solving skills are a must.
- Minimum three years of working experience in Cyber Security Consulting or Advisory in Risk Assessment, BCP/DR, and Data Privacy.
- Experience only in support and managed services without consulting and advisory experience in recent years will be ineligible.
- The candidate should be part of the Core Security Strategy and Implementation team.
- Successfully delivered at least 2 (two) Cyber Security consulting projects as a consultant in recent years (2 years).
- Good understanding of the ISO 22301, COBIT and ISO 27001 standards
Responsibilities
- Assess security architecture.
- The candidate must conduct a risk assessment, analysis, and recommendation.
- Auditing.
- Business impact & privacy analysis.
- Security compliance, governance audits
- Prepare security policy, framework, and guidelines.
- Advisor to Senior Management on Business Continuity, Risk Management program
- Technical documentation.
- Participate as the key stakeholder of the enterprise Information Security Board, Steering Committee, and Architecture Review Board.
- Interact with senior stakeholders across departments.
- Reach and influence a wide range of people across larger teams and communities.
- Research and apply innovative security solutions to new or existing problems and be able to justify and communicate design decisions
- Develop a vision, principles, and strategy and effectively communicate to the Leadership.
- Identify Security Controls, test the effectiveness of Controls, and propose countermeasures or contingency plans for Risk reduction.
- Translate security requirements to Functional and technical controls.
- Help customers to manage the statutory/regulatory Compliance requirements.
Certification:
Preferred Certification (Certification should be valid)
- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Auditor (CISA)
- Certified Information Security Manager (CISM)
- CDPSE, CIPP, CIPE
- ISO 22301
- CRISC
What We Offer:
- Career and competence support.
- Clearly defined career paths
- Personal Accident Policy
- Paid Maternity Leave and Paternity Leave
- Employee Assistance Program
- Gratuity
- Relocation Assistance
- Open Door Policy
- Disability Income Protection
- Equal Employment Opportunity