Minimum Degree Required: Bachelor’s or master’s degree in Computer Science/Communications or related field from reputed Indian universities
Certification(s) Preferred: Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), or Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC)
- 10-15 years of strong industry experience in the Governance, Risk and Compliance domain.
- MUST have experience and proficiency in the implementation and assessment of Cybersecurity frameworks – NIST CSF, COBIT, FSP, TOGAF, etc.
- Good experience and proficiency in cyber risk management, control design and testing, cybersecurity maturity assessments, third-party risk management, supplier or vendor risk assessments, etc.
- Good experience in controls and gap assessments based on industry standards such as PCI, HITRUST, NIST 800-53 and CIS – CSC, preparing compliance reports, identifying risk owners, and partnering with Security and IT teams to develop and track remediation plans as per SLA requirements.
- Good understanding of Legal, Regulatory and Privacy requirements to integrate within the Cybersecurity Program.
- Good understanding of various components of an enterprise Cybersecurity program, including governance structures, Risk and Threat Management, key controls, key processes, Security architecture and Security training program.
- Responsible for managing relationships with third parties that provide data services for Continuous Monitoring program, including closing findings, completing assessments, and attesting that ongoing management activities are conducted.
- Good understanding of compliance standards/frameworks like ISO 27001/27002, NIST, COBIT, SOX, GLBA, SSAE16/SOC 2, etc. will be an advantage.
- Demonstrates extensive knowledge in developing cybersecurity strategy, target operating models and cybersecurity governance models, cybersecurity architecture and roadmaps for Executive Management of leading organizations
- Good knowledge of and experience with GRC tools such as MetricStream, OpenPages and Archer, and data analytics & visualization tools used in the industry such as Power BI, Alteryx and Tableau.
- Recommending Cybersecurity action plans for organizations to achieve their overall cybersecurity objective.
- Ability to identify security risk, analyze, and articulate security scenarios into assessments, summaries and other documentation.
- Demonstrates proven extensive knowledge in developing cybersecurity strategy, defining Cyber KPI and KRI along with roadmap recommendations.
- Effective ability to identify and assess the severity and potential impact of risks and communicate risk assessment findings to business owners
- Good understanding of the various components of an enterprise Cybersecurity program, including governance structures, policy frameworks, key controls, key processes, technology architecture and security training programs.
Required Communication, Presentations and General skills:
- Excellent communication skills and executive presence that enable effective engagement with senior stakeholders
- Excellent written skills, ability to interpret and articulate the security scenario
- Demonstrates proven, extensive ability to apply creative thinking, problem-solving skills and individual initiative, and to use Office 365, MS Office (Word, Excel, Access, PowerPoint) and Google Docs.
- Ability to create domain-specific training content and deliver trainings effectively
- Communicating in an organized and knowledgeable manner in written and verbal formats including delivering clear requests for information and communicating potential conflicts
- Must communicate consistently and drive objectives, relying on fact-based decisions about risk that optimize the trade-off between risk mitigation and business performance.
- Good presentation, project management, facilitation and delivery skills as well as strong analytical and problem-solving capabilities.
- Develop/Implement automation solutions and capabilities that are clearly aligned to client business, technology and threat posture.
- Demonstrates ability to track developments and changes in the digital business and threat environments to ensure that they’re adequately addressed in client’s security strategy plans and architecture artifacts.