Posted By

Renu R Pillai

Senior Consultant at Marketscope

Posted in

IT & Systems

Job Code

967451

Supervisor - Governance Risk & Strategy

5 - 7 Years, Gurgaon/Gurugram
Posted 2 years ago

- B.Tech/MCA/MBA with a minimum of 5-7 years of relevant experience in IT Risk/Cyber security/Data privacy

- Candidate should have strong technical knowledge in one or more of the following: network and application security testing, IT security governance and risk, digital forensics and incident response, security architecture, deployment of security appliances such as DLP, SIEM, IDS/IPS, etc.

- In-depth knowledge of the security and privacy provisions of a variety of regulations and standards such as PCI, NERC/CIP, SOX, HIPAA/HITECH, FFIEC, EU Privacy Laws, ISO, and NIST 800 series

- Proficiency with a variety of Windows, Unix and Linux operating systems

- Familiar with security testing techniques such as network discovery, port and service identification, vulnerability scanning, network sniffing, penetration testing, configuration reviews, firewall rule reviews, social engineering, wireless penetration testing, fuzzing, and password cracking, and able to perform these techniques from a variety of adversarial perspectives (white-, grey-, black-box)

- Experience with testing and development frameworks such as the Open Web Application Security Project (OWASP), Open Source Security Testing Methodology Manual (OSSTMM), the Penetration Testing Execution Standard (PTES), Information Systems Security Assessment Framework (ISSAF), and NIST SP800-115

- One or more of the following technical certifications or similar: Certified Ethical Hacker (CEH); GIAC Certified Penetration Tester (GPEN); GIAC Web Application Security (GWAS); Offensive Security Certified Professional (OSCP); GIAC Certified Incident Handler (GCIH); GIAC Reverse Engineering Malware (GREM); PCI Qualified Security Assessor (PCI-QSA); etc.

- One or more of the following governance certifications: Certified Information Systems Security Professionals (CISSP); Certified Information Security Manager (CISM)

- Must possess a high degree of integrity and confidentiality, as well as the ability to adhere to both company policies and best practices

- Strong multi-tasking and project management skills

- Excellent verbal and written communication (English), as the position requires frequent communication with international clients

Position & Key Responsibilities

The supervisor will be an integral team member by assisting in our Security and Privacy Risk Consulting (SPRC) practice.

This individual can possess a variety of skill sets such as performing and overseeing governance assessments (HIPAA, NIST, ISO, FISMA, etc.), vulnerability assessments, penetration testing, incident response, Payment Card Industry (PCI) assessments, as well as experience in managing or deploying SIEM, DLP, and Identity Management solutions.

- Develop an understanding of the Security and Privacy Risk Consulting approach, methodology and tools

- Demonstrate experience of cyber security, information security and data privacy, risk management frameworks and related regulatory and compliance standards

- Oversee the work and manage the engagements and team members, ensuring quality and meeting the requirements of the engagement letter/contract

- Oversee assessments against a variety of regulatory and industry standards such as PCI, FFIEC, ISO 2700X, NIST SP800 series, FISMA, FedRAMP, HIPAA/HITECH, and NERC/CIP

- Assist with building our security, privacy and risk practice through developing knowledge base and skill set

- Assist clients in improving the capabilities and maturity of their monitoring program by identifying appropriate technologies, policies, organizational structures, and relations with third parties

- Demonstrate experience related to delivering data protection, breach management and regulatory privacy assessments

- Lead the IT security policies, procedures, and controls of our clients' business applications, networks, operating systems, and other components of their technology infrastructure

- Assist with the development and delivery of remediation recommendations for identified findings

- Be able to communicate to clients regarding the strategic and tactical risks of advanced security threats, enterprise security management practices and innovative solutions that help clients mitigate information security risk factors

- Communicate complex technical issues to client senior management through the ability to transform such data into layman and executive style reports and presentations

- Leverage industry and technical expertise to identify improvement opportunities for assigned clients and assist with the development of remediation services for identified findings

- Provide timely, high-quality client service that meets or exceeds client expectations, including coordinating the development and execution of the consulting work plan and client deliverables

- Understand how to work as a team in providing an integrated service delivery

- Ensure that documentation is compliant with quality standards of the firm

- Exercise professional skepticism and judgment, and adhere to the code of ethics while on engagements

- Work collaboratively as a part of the team and communicate effectively with consulting professionals, managers, and senior management in the U.S. on a daily basis

- Manage multiple concurrent engagements and ensure service excellence through prompt responses to internal and external clients

- Open to work on other solution sets considering business requirements
