SRC Generic Associate

As an Associate, you will be aligned to our Strategy, Risk, & Compliance team which is focused on helping clients with their cybersecurity risk, compliance and governance efforts. You will be working as a part of the Risk & compliance team which is responsible for helping clients and organizations identify risks and create mitigation plans. you'll work as part of a team of problem solvers, helping to solve complex business issues from strategy to execution.

 Position Requirements 

• Security strategy and governance projects (security strategy, operating model, org structure etc.) 

• Assessments: Maturity assessment, Audit readiness, planning and framework assessment, cloud migration requirements, business case development, comparisons and vendor evaluation 

• Frameworks: Design framework program objectives, first/second/third line of defense, vision and mission statements, current state assessment and gap analysis, roadmap planning and estimation for the program, program governance and target operating model for NIST, PCI-DSS, HIPAA, HITRUST, ISO, COBIT etc. and vendor evaluation.

• Good experience in performing Organization Standard/Policy GAP assessment and Maturity assessments with Industry best practices (NIST/ISO/PCI...etc.). 

• Policy management (policy writing, policy review, policy lifecycle) projects 

• Cloud architecture definition and assessment: development of cloud reference architecture, target state cloud architecture definition, compliance requirements, migration strategies.

• Must have hands on experience and well proficient in Cybersecurity standard creation, policy writing and maintenance 

• Good understanding of Legal, Regulatory and Privacy requirements to integrate within the Cybersecurity Program. 

• Good understanding of various components of an enterprise Cybersecurity program, including governance structures, Risk and Threat Management, key controls, key processes, Security architecture and Security training program 

• Recommending Cybersecurity action plans for organizations to achieve their overall cybersecurity objective 

• Good Knowledge and experience with GRC tools such as MetricStream, Open Pages, Archer and data analytics & \visualization tools used in the Industry such as PowerBI, Alteryx and Tableau. 

• Experience in partnering with various functions within the Cybersecurity organization to capture and document the services and associated core processes, work instructions, and templates.

• Analyze the security posture of the organizations by assessing the design and implementation of security controls. 

• Experience in Vendor risk management, Outsourcing risk management, Technology Risk, Information Security. 

• Strong understanding of Cybersecurity and Risk Control frameworks and their adoption in the Supplier management domain. 

• Experience in implementing effective and innovative technology solutions.

Desired Knowledge 

• Excellent written and oral communication skills, can express thoughts clearly, knows how to listen and is able to contribute in a team environment. 

• Must communicate consistently and drive objectives, relying on fact-based decisions about risk that optimize the trade-off between risk mitigation and business performance.

• Demonstrates proven extensive abilities with leveraging creative thinking and problem-solving skills, individual initiative, and utilizing Office 365, MS Office (Word, Excel, Access, PowerPoint) and Google Docs.

• Ability to create domain specific training content and deliver trainings effectively

• Good presentation, project management, facilitation and delivery skills as well as strong analytical and problem-solving capabilities.

• Develop/implement automation solutions and capabilities that are clearly aligned to client business, technology and threat posture.

• Demonstrates ability to track developments and changes in the digital business and threat environments to ensure that they're adequately addressed in client’s security strategy plans and architecture artifacts. 

Professional & Educational Background 

• MCA / BE / B Tech / MS (Field of Study: Computer and Information Science, Information Cybersecurity, Information Technology, Management Information Systems).

• Certification(s) Preferred: Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), or Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC)

Additional Information 

Travel Requirements: Not Applicable

• Line of Service: Advisory

• Industry: Consulting

• Must be ready to work on-site full-time (timings will be 2 pm or sooner until 11 pm IST)

Minimum Years of Experience

1- 3years