Minimum Degree Required: Bachelor’s or master’s degree in Computer Science/Communications or related field from reputed Indian universities
Certification(s) Preferred: Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), or Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC)
Required Experience:
- 4-8 years of industry experience in the Governance Risk and Compliance domain.
- MUST have experience with, and be proficient in, the implementation and assessment of cybersecurity frameworks – NIST CSF, COBIT, FSP, TOGAF, etc.
- Good experience with, and proficiency in, Cyber Risk Management, control design and testing, cybersecurity maturity assessments, vendor risk assessments, etc.
- Controls and gap assessments based on industry standards such as PCI, HITRUST, NIST 800-53 and CIS – CSC, including preparing compliance reports, identifying risk owners, and partnering with Security and IT teams to develop and track remediation plans as per SLA requirements.
- Hands-on experience in regulatory compliance – SOX, FFIEC, NY DFS, etc.
- Ability to identify and analyze security risks, and to articulate security scenarios in assessments, summaries and other documentation.
- Demonstrates proven, extensive knowledge in developing cybersecurity strategy and defining cyber KPIs and KRIs, along with roadmap recommendations.
- Effective ability to identify and assess the severity and potential impact of risks and communicate risk assessment findings to business owners
- Good understanding of the various components of an enterprise Cybersecurity program, including governance structures, policy frameworks, key controls, key processes, technology architecture and security training programs.
- Deep understanding of Cyber programs such as Threat Management, Secure SDLC, Security Architecture, Network and Data Protection.
- Good knowledge of and experience with risk and compliance management tools such as MetricStream, OpenPages and Archer, along with data analytics and visualization tools used in the industry such as PowerBI, Alteryx and Tableau.
Required Communication, Presentations and General skills:
- Excellent communication skills and executive presence that enable effective engagement with senior stakeholders
- Excellent written skills, with the ability to interpret and articulate the security scenario
- Demonstrates proven, extensive ability to apply creative thinking and problem-solving skills, take individual initiative, and use Office 365, MS Office (Word, Excel, Access, PowerPoint) and Google Docs.
- Ability to create domain-specific training content and deliver training effectively
- Communicates in an organized and knowledgeable manner in written and verbal formats, including delivering clear requests for information and communicating potential conflicts
- Must communicate consistently and drive objectives, relying on fact-based decisions about risk that optimize the trade-off between risk mitigation and business performance.
- Good presentation, project management, facilitation and delivery skills as well as strong analytical and problem-solving capabilities.
- Develops and implements automation solutions and capabilities that are clearly aligned to the client's business, technology and threat posture.
- Demonstrates ability to track developments and changes in the digital business and threat environments to ensure that they’re adequately addressed in the client’s security strategy plans and architecture artifacts.