
Senior Information Risk Analyst

Navi Mumbai
Full-Time
Mid-Level: 4 to 6 years
Posted on Apr 09 2024

Not Accepting Applications

About the Job

Skills

Risk Assessment
Cloud Security
GRC
Information Security
Disaster Recovery
Cybersecurity

Competencies:

 

1. Proficient in planning and executing Cybersecurity Risk Management program activities

2. Keen understanding of leading Risk Management frameworks and standards (e.g. NIST RMF)

3. Ability to conduct end-to-end Risk Assessments independently for a variety of systems and technologies

4. Sound understanding of cybersecurity tools and latest technologies

5. Exposure to cybersecurity strategy, governance, and compliance programs

6. Experience in IT configuration and change management for on-prem and cloud environments

7. In-depth knowledge of cloud security principles, technologies, and best practices, with hands-on experience in implementing security controls in cloud environments.


 

Job Accountabilities:

 

1.     Building senior executive-led cyber risk programs based on the organization’s risk appetite, that can track progress, and continuously adapt to shifting agency strategies, evolving regulations and ever-growing cyber threats.

2.     Performing cybersecurity risk assessments that involve building or customizing a robust cybersecurity risk management framework, analyzing existing processes & controls for inadequacies (gaps) and recommending corrective action plans with a prioritized list of initiatives to achieve the intended target state.

3.     Conducting interviews and process walkthroughs with business, IT and third parties for identifying business, IT, and cybersecurity risks.

4.     Understanding and documenting risks as well as control deficiencies identified during such risk assessments/review sessions.

5.     Quantifying risks identified during the assessments to enable appropriate prioritization for effective risk remediation.

6.     Selecting and guiding the deployment of technical controls to mitigate identified risks.

7.     Reviewing and consolidating project status and activity updates, issues, changes and risks for the project manager in a timely manner.

8.     Participating in Governance, Risk and Compliance program initiatives to ensure holistic understanding and uplifting of the GRC function.

9.     Defining security hardening standards and guidelines based on keen knowledge of industry standards applied to the organization’s unique technology stack and context.

10. Developing and maintaining cloud security governance frameworks, policies, and standards aligned with industry best practices and regulatory requirements.

11. Conducting risk assessments and compliance reviews of cloud service providers and cloud environments to identify security vulnerabilities, assess risks, and ensure compliance with security standards and contractual requirements.

12. Conducting IT risk assessments of systems, networks, and infrastructure to identify vulnerabilities and assess the effectiveness of security controls.

 


Skills Required (Knowledge and Skills):

 

1.     Knowledge of IT system, networking and database concepts

2.     Knowledge of TCP/IP and Operating Systems (Windows/Unix), databases, network devices etc.

3.     Knowledge/experience in implementing standard network and endpoint security controls/technologies (firewalls, IDS, VPN, anti-virus etc.) and ability to review IT/network architecture from a security perspective

4.     Knowledge/experience in defining/assessing security hardening or secure configuration best practices for IT infrastructure (operating systems, network or security devices, databases) and applications.

5.     Knowledge and experience of performing gap analysis of organizational policies or processes against security best practices such as ISO 27001, PCI DSS, NIST, COBIT etc.

6.     Experience in performing independent risk assessments for projects, applications or infrastructure and recommending risk mitigation controls to reduce the risk

7.     Knowledge of Business Continuity and Disaster Recovery principles

 


Experience and Qualifications:

 

1.     BE/B.Tech/ME/M.Tech/MCA/MS from a reputed/recognized institute

2.     Four to six years of relevant experience in Information Security

3.     Excellent verbal, written communication and presentation skills

4.     Personal drive and positive work ethic to deliver results within tight deadlines and demanding situations

Flexibility to adapt to a variety of tasks and activities, work environments and locations

5.     Ability to comprehend tasks with medium complexity and create execution plans for review by managers and deliver with minimum supervision

6.     Ownership mindset and should demonstrate persistence in following up on tasks to be performed by other stakeholders so that project timelines can be met

7.     Any one of the following certifications will be an added advantage: CISA/CCNA Security/CISSP/CISM/CRISC/GIAC/CCSP/CCSK.

8.     Any cloud security certification in Azure, AWS or GCP.

 

 

About the company

We are the force behind the meteoric rise of India's leading telecom operator Jio with 400 Million+ customers. In addition to this, we have also powered an exhaustive list of digital apps & services that have delivered functionality, usability, engagement, scale and loyalty. We provide solutions for customers (B2C) and enterprise (B2B). We have an end-to-end 5G solution consisting of 5G Radio, a com ...

Industry

Media & Telecommunication...

Company Size

51-200 Employees

Headquarter

Navi Mumbai, Maharashtra

Other open jobs from Jio Platforms Limited