Senior Data Privacy and Cybersecurity - Technology Risk Advisory

Position summary :

- This is a great opportunity to join our Technology Risk Advisory Team which provides a wide range of technology risk services related to Data Privacy and Cybersecurity, SOX/ICFR, Service Organization Control (SOC) Reporting, ERP Implementation Assurance, and IT Audit.

- As a Data Privacy and Cybersecurity Senior, the individual should have extensive experience in various information Security domains such as: governance policies and procedures, risk management, compliance, access control, network security, security architecture, security incident response, disaster recovery, business continuity management, privacy, and data protection.

- This role also includes working alongside with our global teams to help clients in reviewing architecture and controls from data privacy and cybersecurity perspective and in providing advisory to mitigate the identified risks whilst simultaneously gaining skills to develop a career in a fast-growing professional services organization while ensuring exceptional client service, quality, and delivery.

Primary responsibilities :

- Execute activities related to the assessing, designing, and implementation new data privacy and cybersecurity frameworks, sustainable solutions (including applying knowledge of governance, risk, and compliance tools), operating processes, and people models to address key and evolving risks, as necessary

- Prepare the process narrative, process flowchart, policy and procedure document, risk control matrix (RCM), and the assurance task for the testing.

- Perform the Data Privacy and Cyber Security Assessments covering Vulnerability Assessment, Penetration Testing, Network Security Architecture Review, Secure Configuration / Code Review, etc., to Identify risks and process gaps, reduce risks by adding adequate controls, and cut company operational costs through innovative IT management techniques, implementing/suggesting leading industry practices.

- Perform the SOC Readiness Assessments to assist a service organization in assessing its preparedness for the SOC engagement.

- Document testing workpapers in accordance with common industry practice for the client engagements

- Prepare comprehensive executive summaries and final reports for delivery to the stakeholder.

- Lead the closure meeting with client to discuss about the noted observation and management action plan.

- Identify opportunities for new business opportunities with clients, support in proposal development, and identify and develop new solution offerings

- Contribute to the learning & development agenda and knowledge harnessing initiatives.

Qualifications, Skills, and Experience :

- Relevant professional qualifications such as B.S./ B.E./ B.Tech/ M.Tech/ MCA/ MS.

- 1-3 years working experience in a multinational corporate environment/ Big4/ mid or top-tier consulting firm.

- Industry certifications such as CISA, CSFA, CISM, CISSP or CRISC (or similar) will be advantageous.

- Familiarity with industry standards and frameworks such as OWASP TOP 10, CIS, CIA Triad, TCP, COSO/COBIT, ISO 27000, NIST CSF, PCI DSS, HITRUST, MITRE, and/or GDPR etc.

- Experience in data protection technologies such as encryption, PKI, tokenization, data discovery, data masking, data redaction, etc.

- Experience in conducting Network Security Architecture Review and configuration reviews of Routing Protocol, Active Directory, Cloud, Windows, Linux, UNIX, Solaris, Databases, etc.

- Experience in Penetration Testing of Infrastructure, Application, and/or Platform.

- Experience with Vulnerability Management tools: Kali Linux, Acunetix, AppScan, Nexpose, Qualys Guard, Nessus, Nmap, Metasploit, Fortify etc.

- Familiarity of Technologies such as: IPSEC, SSL, SSH, VPN, Ethernet Token Ring, WAP, SMTP, FTP, Frame Relay, WAN, ATM, FDDI, DSL, ISDN, HP OpenView, Cisco Works, Radius, Big Brother, F5.

- Experience with Cyber Threat Management domains such as: Threat Management, Cyber Operations/Fusion Managed Services, Malware Analysis, Collective Threat Intelligence and Cyber Risk Sciences, Incident Management and Forensics, Data Protection solutions.

- Scripting language understanding- NcML, Python, Bash, PowerShell, etc.

- Understanding of best practices in security engineering, including secure development, cryptography, network security, security operations, systems security, policy, web application security, and incident handling & response.

- Experience of SSAE 18 Engagement will be an advantage (Third Party Reporting e,g. , SOC 2, and SOC 3).

- Ability to draft comprehensive report stating about the findings and recommendations to the clients and senior management team.

This job opening was posted long time back. It may not be active. Nor was it removed by the recruiter. Please use your discretion.