ISMS Consultant/AM - Risk Advisory Team

Skillset required

ISMS

Mandatory Skills - ISMS, Risk assessment, Infosec audits, ISO 27001

Interpersonal - Good communication skills

Job location - Mumbai

Work you'll do

As a part of our Risk Advisory team you'll build and nurture positive working relationships with teams and clients with the intention to exceed client expectations.

You'll:

- Working knowledge in one or more security and privacy domains such as: security governance policies and procedures, risk management, compliance, access control, network security, security architecture, security incident response, disaster recovery, business continuity management, privacy and data protection

- Experience in leveraging industry standards and frameworks such as ISO/IEC 17799, ISO/IEC 27001, COBIT, ITIL, etc.

- Demonstrates in-depth knowledge of security and privacy controls and risk management process

- Experience in data protection technologies such as encryption, data discovery, data masking, data redaction, etc.

- Possesses certifications such as ISO27001 LA/ LI, ISO22301 LA/LI, CISSP, CISA, CISM certification- preferred

The key skills required are as follows:

- Responsible for ISO 27001 based Information Security Management System implementation and sustenance

- Responsible for advising clients on Business Continuity Planning, IT Disaster Recovery planning

- Assess client information security posture, identify the gaps/risks in the existing environment and develop solutions to mitigate the identified gaps/risk

- Responsible to assist client in review / implement Information Security controls in areas as mentioned, but not limited to: Change management process, Incident management process, Backup process, User identity and access management, Antivirus management, SLA performance and monitoring, Media handling & Exchange of information, Physical and environmental Security, and Media & Information Handling

- Responsible to assist client in developing information assets inventory and classification

Risk Advisory Cyber Risk

- Responsible for conducting clients vendors risk assessment and providing a holistic view of clients risk exposure due to outsourcing

- Responsible for advising and assisting clients to develop and implement Information classification framework

- Conduct Information Systems audits covering IT infrastructure assets

- Advice clients on data privacy, data leakage prevention, identity and access management

- Serves as technical lead or subject matter specialist on security and privacy implementation projects, responsible for design, build, testing and deployment of solutions

- Demonstrates ability to work independently on projects with limited supervision

- Demonstrates understanding of complex business and information technology management processes

- Demonstrates working knowledge of firm tools and methodologies that may be suitable for the engagement

- Manages day-to-day client relationships at mid and lower levels.

Qualifications

- B.E / B.Tech (Tier 1/2) in Computer Science, Information Technology or related fields

- ISO 27001 LA/LI, ISO 31000 LA/LI, ISO 22301 LA/LI, CISA, ITIL, or equivalent certification preferred

- CISSP, GSEC, GCIH, CEH, LPT, CCSK, eGRC tools like Archer, OpenPages or functional certifications would be preferred