We Build Dream Careers
If you believe you are dynamic, self-driven, motivated and have the desire to join a fast-growing practice of professionals in the areas of Risk & Compliance / Digital Identity / Cyber / Analytics / Technology & Digital / ERP & Enterprise Application consulting, then explore this post further.
Our practice is made up of like-minded professionals like you who were part of the industry (CIOs, CISOs, CXOs), Big 4, management consulting or technology firms. We are not a consulting mall, but a niche services provider who believes in providing value to our clients, and we aspire to be the best at what we do. We believe that our people are our brand ambassadors, and hence we take pride in saying that our partners spend extensive time in nurturing, coaching and mentoring their teams, and that a #PeopleFirst focus is ingrained in our DNA. So what is stopping you? Jump in and explore. Start your journey with us and we assure you that you will experience the best phase of your career.
We are looking for professionals at all levels (Consultant – Director) to fill various roles in Advisory, Design & Implementation and Managed Services across our offices in India. You will get to work with the best of domestic, multi-national and global clients. We provide flexible working arrangements and also believe in #WorkLifeFit, where you also get to pursue your hobbies / activities outside of work.
Information Security Management / GRC / Risk Assurance & Cyber Professionals
Designation: Across all levels
Experience: 2-12+ years
Desired skills and experience:
- We are not hiring for a job; we build careers. Read further to find out more.
- We are looking for smart analysts, consultants or architects who have experience in cyber security / information security management, GRC – governance risk and compliance, risk management & assurance, IT general controls, extended enterprise / third party management, business continuity, digital identity, threat hunting and assessment, privacy and data governance
- Responsible for ISO 27001 based Information Security Management System implementation and sustenance
- Assess client information security posture, identify the gaps/risks in the existing environment and develop solutions to mitigate the identified gaps/risk
- Perform risk treatment, control design and implementation assessment
- Assist clients in reviewing / implementing information security controls in areas including, but not limited to: Change management process, Authentication, Security Incident management process, Backup process, Antivirus management, SLA performance and monitoring, Media handling & Exchange of information, Physical and environmental Security, and Media & Information Handling
- Assess and advise on third party risks including, but not limited to, the review of assurance reports such as SOC1, SOC2, ISO 27K certificate and SOA & PCI AOC; compensating controls; and management of residual risks
- Understanding of the importance of, and working knowledge of, IT SOX compliance
- Experience and exposure on conducting application/ infrastructure/ technology/ cloud risk assessments
- Assist client in developing information assets inventory and classification
- Conduct client vendor risk assessments and provide a holistic view of the client's risk exposure due to outsourcing
- Advise and assist clients to develop and implement Information classification framework
- Good understanding of data protection technologies such as encryption, data discovery, data obfuscation, etc.
- Conduct Information Systems audits covering IT infrastructure assets
- Advise clients on Digital Identity design, implementation, integration, configuration and also provide managed Identity services
- Advise clients on Business Continuity Planning, IT Disaster Recovery planning
- Advise clients on data privacy, data leakage prevention, identity and access management
- Serves as technical lead or subject matter specialist on security and privacy implementation projects, responsible for ensuring appropriate stance of data privacy safeguards
- Demonstrates ability to work independently on projects with limited supervision and to handle multiple cross-functional stakeholders in time-bound, high-pressure situations
- Demonstrates understanding of complex business and information technology management processes
- Demonstrates working knowledge of firm tools and methodologies that may be suitable for the engagement
- Good knowledge of cyber risk quantification
- Experience in leveraging industry standards and frameworks such as ISO/IEC 17799, ISO/IEC 27001, NIST, COBIT, ITIL, etc.
- ISO27001 LA/ LI, ISO22301 LA/LI, CISSP, CRISC, CISM, CISA certifications preferred
- Experience in the areas of IT Audits, SOX / ICFR / IFC / SAS 70 / SSAE / SOC 1 / 2 / 3, IT Financial Audit and Business Automated Controls, IT Risk consulting or any other regulatory / compliance audits
- Knowledge of ERPs like SAP / OFIN / JDE / Oracle etc. and their native application and security controls
- Must have hands-on experience with, or have led, projects to comply with regulatory requirements / international standards (SSAE / ISAE / SOX / PCI DSS / ISO 27001) and good practices (COSO, COBIT) relating to information security
- Audit Management, Team Leadership, Client Management, Project Management
- Client & Account Management, Sales & Business Development, Team Leadership, Project Management
- Self-driven go-getter who aspires to be part of a fast-growing team supporting business across Pan-India, South Asia and APAC markets
- Must have excellent English skills, excellent presentation skills and excellent soft skills (influencing & negotiation)