Minimum Degree Required: Bachelor’s or master’s degree in Computer Science/Communications or related field from reputed Indian universities
Certification(s) Preferred: Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), or Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC)
- 4-8 years of industry experience in the Governance Risk and Compliance domain.
- MUST have experience and proficient in implementation and assessments of Cybersecurity frameworks – NIST CSF, COBIT, FSP, TOGAF, etc
- Good Experience and proficient in Cyber Risk Management, Control design and testing, Cybersecurity maturity assessments, Vendor Risk assessments, etc
- Controls and Gap Assessments based on Industry standards, such as, PCI, HITRUST, NIST 800-53, CIS – CSC, prepare compliance reports, identify Risk owners, and partnering with Security and IT teams to develop and track remediation plans as per SLA requirements.
- Hands on experience in Regulatory Compliance – SOX, FFIEC, NY DFS, etc
- Ability to identify security risk, analyze, and articulate security scenarios into assessments, summary and other documentations.
- Demonstrates proven extensive knowledge in developing cybersecurity strategy, defining Cyber KPI and KRI along with roadmap recommendations.
- Effective ability to identify and assess the severity and potential impact of risks and communicate risk assessment findings to business owners
- Good understanding of the various components of an enterprise Cybersecurity program, including governance structures, policy frameworks, key controls, key processes, technology architecture and security training programs.
- Deep understanding of Cyber programs such as Threat Management, Secure SDLC, Security Architecture, Network and Data Protection.
- Good Knowledge and experience with Risk and compliance management tools such as MetricStream, Open Pages, Archer along with Data analytics & visualization tools used in the Industry such as PowerBI, Alteryx and Tableau.
Required Communication, Presentations and General skills:
- Excellent communication skills and executive presence that enable effective engagement with senior stakeholders
- Excellent written skills, ability to interpret and articulate the security scenario
- Demonstrates proven extensive abilities with leveraging creative thinking and problem-solving skills, individual initiative, and utilizing Office 365, MS Office (Word, Excel, Access, PowerPoint) and Google Docs.
- Ability to create domain specific training content and deliver trainings effectively
- Communicating in an organized and knowledgeable manner in written and verbal formats including delivering clear requests for information and communicating potential conflicts
- Must communicate consistently and drive objectives, relying on fact-based decisions about risk that optimize the trade-off between risk mitigation and business performance.
- Good presentation, project management, facilitation and delivery skills as well as strong analytical and problem-solving capabilities.
- Develop/Implement automation solutions and capabilities that are clearly aligned to client business, technology and threat posture.
- Demonstrates ability to track developments and changes in the digital business and threat environments to ensure that they’re adequately addressed in client’s security strategy plans and architecture artifacts.