Pierian Services - Manager - Cyber Security/Technology Risk Advisory

Manager - Cyber Security- Technolgy Risk Advisory

Manager - Data Privacy and Cybersecurity - Technology Risk Advisory

Position summary:

- This is a great opportunity to join our Technology Risk Advisory Team which provides a wide range of technology risk services related to Data Privacy and Cybersecurity, SOX/ICFR, Service Organization Control (SOC) Reporting, ERP Implementation Assurance, and IT Audit.

- As a Data Privacy and Cybersecurity Manager, the individual should have extensive experience in various information Security domains such as: governance policies and procedures, risk management, compliance, access control, network security, security architecture, security incident response, disaster recovery, business continuity management, privacy, and data protection.

- This role also includes working alongside with our global teams to help clients in reviewing architecture and controls from data privacy and cybersecurity perspective and in providing advisory to mitigate the identified risks whilst simultaneously gaining skills to develop a career in a fast-growing professional services organization while ensuring exceptional client service, quality, and delivery.

Primary responsibilities:

- Manage the execution of related client engagements, including engagement planning, status, process walkthroughs, and closing meetings with clients

- Plan and execute activities related to the assessing, designing, and implementation new data privacy and cybersecurity frameworks, sustainable solutions (including applying knowledge of governance, risk, and compliance tools), operating processes, and people models to address key and evolving risks, as necessary

- Prepare and/or supervise the team member in the process narrative, process flowchart, policy and procedure document, risk control matrix (RCM), and the assurance task for the testing.

- Act as a subject matter specialist on Data Privacy and Cyber Security Assessments covering Vulnerability Assessment, Penetration Testing, Network Security Architecture Review, Secure Configuration / Code Review, etc., to Identify risks and process gaps, reduce risks by adding adequate controls, and cut company operational costs through innovative IT management techniques, implementing/suggesting leading industry practices.

- Manage and/or perform the SOC Readiness Assessments to assist a service organization in assessing its preparedness for the SOC engagement.

- Review and/or Draft comprehensive executive summaries and final reports for delivery to the stakeholder and document and review engagement workpapers in accordance with common industry practice for the client engagements

- Lead the closure meeting with client to discuss about the noted observation and management action plan.

- Identify opportunities for new business opportunities with clients, support in proposal development, and identify and develop new solution offerings

- Manage engagement budgets and ensure compliance with engagement plans and internal quality

- Display teamwork, integrity, and leadership. Work with team members to set goals and responsibilities for specific engagements. Foster teamwork and innovation.

- Conduct workshops and technical training sessions for team members. Contribute to the learning & development agenda and knowledge harnessing initiatives.

- Attract, develop, and retain talent that is focused on high quality output and a growth mindset.

Qualifications, Skills and Experience:

- Relevant professional qualifications such as B.S./ B.E./ B.Tech/ M.Tech/ MCA/ MS.

- 5+ years working experience in a multinational corporate environment/ Big4/ mid or top-tier consulting firm.

- Industry certifications such as CISA, CSFA, CISM, CISSP or CRISC (or similar) will be advantageous.

- Familiarity with industry standards and frameworks such as OWASP TOP 10, CIS, CIA Triad, TCP, COSO/COBIT, ISO 27000, NIST CSF, PCI DSS, HITRUST, MITRE, and/or GDPR etc.

- Experience in data protection technologies such as encryption, PKI, tokenization, data discovery, data masking, data redaction, etc.

- Experience in conducting Network Security Architecture Review and configuration reviews of Routing Protocol, Active Directory, Cloud, Windows, Linux, UNIX, Solaris, Databases, etc.

- Experience in Penetration Testing of Infrastructure, Application, and/or Platform

- Experience with Vulnerability Management tools: Kali Linux, Acunetix, AppScan, Nexpose, Qualys Guard, Nessus, Nmap, Metasploit, Fortify etc.

- Familiarity of Technologies such as: IPSEC, SSL, SSH, VPN, Ethernet Token Ring, WAP, SMTP, FTP, Frame Relay, WAN, ATM, FDDI, DSL, ISDN, HP OpenView, Cisco Works, Radius, Big Brother, F5.

- Experience with Cyber Threat Management domains such as: Threat Management, Cyber Operations/Fusion Managed Services, Malware Analysis, Collective Threat Intelligence and Cyber Risk Sciences, Incident Management and Forensics, Data Protection solutions.

- Scripting language understanding- NcML, Python, Bash, PowerShell, etc.

- Understanding of best practices in security engineering, including secure development, cryptography, network security, security operations, systems security, policy, web application security, and incident handling & response.

- Experience with leading and executing SSAE 18 Engagement will be an advantage (Third Party Reporting e,g, SOC 2, and SOC 3).

- Ability to draft comprehensive report stating about the findings and recommendations to the clients and senior management team.