Cyber Risk & Compliance Consultant
We are looking for people with a minimum of 3 to 5 years of experience in at least two of the above standards / regulatory compliance requirements.
Department: Cyber Risk & Compliance
Project Location(s): Bangalore, Infopark - Thrissur, Kochi
Education: Graduate
Skills/Experience: Candidates must have demonstrable experience of delivering client-facing consultancy, covering some or all of the areas listed in the responsibilities section.
The candidate will also:
- Have at least 3 to 5 years' experience in a consulting role
- Have a working understanding of the ISO 27001 / GDPR / NESA / QNIA / SAMA CSF
- Have awareness of PCI DSS
- Understand and have experience of reviewing/managing the following:
  - Server and desktop operating systems
  - Network devices
  - Vulnerability management
  - Physical security
- Hold ISO27001 Lead Implementer or Lead Auditor certification
Certifications: Whilst a collection of certifications is less important than experience, possessing any of the following certifications would be beneficial:
Responsibilities:
- Run Compliance Workshops – presenting to top-level management, decision makers and risk owners. You’ll be able to explain the standard / regulatory requirements in a clear way, and break them down into tasks that can form the beginning of our clients’ road to achieving ISO27001 certification
- Establish or improve an ISMS – guide our clients through the process of creating and implementing an ISMS
- Risk Workshops – working with our clients to introduce them to risk management, and help educate key stakeholders within their business
- Manage a risk assessment process – lead the delivery of a risk assessment, including defining the risk management methodology and conducting a risk assessment
- Perform control reviews – review the implementation status of technical and non-technical controls, report the findings, and provide pragmatic recommendations
- Develop risk treatment plans – work with clients to develop risk treatment plans
- Security Awareness Training – deliver end-user security awareness training sessions
- You will be delivering client engagements 60-70% of the time, which is split between on-site and remote days for reporting.
- Our clients are primarily based in India and the Middle East; however, some international travel is required, so all candidates must be willing to travel.