SRC Cyber Strategy

As a Senior Associate, you will be aligned to our Strategy, Risk, & Compliance team which is focused on helping clients with their cybersecurity risk, compliance, and governance efforts. You will be working as a part of the Risk & compliance team which is responsible for helping clients and organizations identify risks and create mitigation plans. You will work as part of a team of problem solvers, helping to solve complex business issues from strategy to execution.

 Position Requirements 

• Collaborate with clients to assess cybersecurity strategies and maturity, develop aligned roadmaps, and guide integration into business processes and digital transformation.

• Assessmentsexperience: Maturity assessment, Audit readiness, planning and framework assessment, cloud migration requirements, business case development, comparisons, and vendor evaluation.

• Frameworks experience: Design framework program objectives, first/second/third line of defense, vision and mission statements, current state assessment and gap analysis, roadmap planning and estimation for the program, program governance and target operating model for NIST, PCI-DSS, HIPAA, HITRUST, FFIEC, ISO,FedReg, FedRAMP, COBIT etc. and vendor evaluation.

• Must have hands-on experience and proficiency in creating, writing, and maintaining cybersecurity standards and policies. Assessing the maturity of clients’ current cybersecurity program and identifying areas for improvement.

• Develop presentations and reports to communicate cybersecurity strategies to client leadership and support the engagement team in planning and executing multi-domain cybersecurity initiatives.

• Stay informed about emerging cybersecurity technologies, threats, and best practices, conduct research on industry trends and regulatory changes affecting cybersecurity, and advise on the adoption of cybersecurity frameworks and tools (e.g., NIST, ISO, COBIT) that align with clients' needs.

• Stay informed about emerging cybersecurity technologies, threats, and best practices, conduct research on industry trends and regulatory changes affecting cybersecurity, and advise on the adoption of cybersecurity frameworks and tools (e.g., NIST, ISO, COBIT) that align with clients' needs.

• Good understanding of Legal, Regulatory and Privacy requirements to integrate within the Cybersecurity Program. 

• Good understanding of various components of an enterprise Cybersecurity program, including governance structures, Risk and Threat Management, key controls, key processes, Security architecture and Security training program 

• Recommending Cybersecurity action plans for organizations to achieve their overall cybersecurity objective 

• Good Knowledge and experience with GRC tools such as MetricStream, Open Pages, Archer and data analytics & \visualization tools used in the industry such as PowerBI, Alteryx and Tableau. 

• Experience in partnering with various functions within the Cybersecurity organization to capture and document the services and associated core processes, work instructions, and templates.

• Analyze the security posture of the organizations by assessing the design and implementation of security controls. 

• Strong understanding of Cybersecurity and Risk Control frameworks and their adoption in the Supplier management domain.

Desired Knowledge 

• Excellent written and oral communication skills, presentation skills, strong analytical and problem-solving skills can express thoughts clearly, knows how to listen and is able to contribute to a team environment. 

• Must communicate consistently and drive objectives, relying on fact-based decisions about risk that optimize the trade-off between risk mitigation and business performance.

• Demonstrates proven extensive abilities with leveraging creative thinking and problem-solving skills, individual initiative, and utilizing Office 365, MS Office (Word, Excel, Access, PowerPoint) and Google Docs.

• Assessing or implementing cybersecurity processes and governance, and experience in working independently or as part of a large team to deliver cybersecurity services on its own or within large complex projects.

• Knowledge in cloud security, network security, and endpoint protection, combined with proficiency in utilizing threat intelligence and developing effective incident response practices to anticipate, identify, mitigate, and swiftly recover from potential cyber threats.

• Develop/implement automation solutions and capabilities that are clearly aligned to client business, technology, and threat posture.

Professional & Educational Background 

• MCA / BE / B Tech / MS (Field of Study: Computer and Information Science, Information Cybersecurity, Information Technology, Management Information Systems).

• Certification(s) Preferred: Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), or Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), ISO27001and other relevant cybersecurity certifications.

Additional Information 

Travel Requirements: Not Applicable

• Line of Service: Advisory

• Industry: Consulting

• Must be ready to work on-site full-time (timings will be 2 pm or sooner until 11 pm IST)

Minimum Years of Experience

4 - 8 years