Senior IT Risk Management Consultant

JOB DESCRIPTION - SENIOR- Risk Consulting - EGRC- IT Risk Management

Job Summary

As a Senior, you will work on client engagements to identify, assess, and mitigate security risks that could affect client organization. You will be responsible for developing risk management strategies and ensuring that risk management practices align with the client organization's goals and regulatory requirements and share any issues with the engagement manager.

Client responsibilities

• Ability to work as a team lead within IT Risk Management (ITRM) projects.
• Thorough knowledge of Information Security, Data Protection and Cyber Resilience fundamentals
• Right attitude towards teaming, ownership, and knowledge sharing
• Work back with the project team to maintain transparency in communication, highlight risks and share mitigation plan.
• Ability to visualise and propose solutions to customers based on the requirements shared.
• Help prepare reports and schedules that will be delivered to clients and other parties.
• Develop and maintain productive working relationships with client personnel.
• Planning and monitoring of the project deliverables for the team
• Mentor the project team in executing the project deliverables.
• Regular status reporting to the project manager and onsite coordinators
• Demonstrate flexibility to travel to the customer locations / other EY offices, on need basis.
• Good documentation and communication skills

People responsibilities

• Conduct performance reviews and contribute to performance feedback for the team.
• Foster teamwork, quality culture and lead by example.
• Understand and follow workplace policies and procedures.
• Train and mentor, the project resources and team members

Mandatory skills requirements

• 5+ years of experience in the field of IT Security / Information Security / Cyber Security / Cloud Security
• Comprehensive understanding of IT Processes Risk and Controls or experience in IT Audits, IT General Controls, IT Attestation (SOC1/SOC2 Reporting), SOX-ITGC, etc.
• Experience in working with IT Risk Management frameworks to identify, analyse, mitigate, monitor, and communicate IT risks.
• Conduct risk assessments for IT process, applications, network infrastructure assets.
• Draft IT/Cyber risk assessment reports including findings, associated risks, and recommendations.
• Develop Key Risk Indicators (KRIs) and creating dashboards for continuous monitoring of the risks.
• Experience in conducting IT controls validation and testing and identifying control deficiencies.
• Develop IT / Information security policies, standards, and procedures.
• Experience in working with leading industry standards such as NIST-CSF, ISO27001, ITIL, COBIT, PCI-DSS, CSA-CCM, CIS/ FFIEC Cloud Security Guidelines, and Regulatory guidelines like NYDFS, DHS, US-CERT etc.
• Experience working on various cloud platforms such as Azure, AWS, GCP would be a plus.
• Well versed with the security design concepts and should be able to drive discussions for IT risk management along with the customer.

Preferred skills

• Experience in conducting awareness training and workshops on IT Risk Management
• Demonstrated track record with a consulting organization and/or a blue-chip organization.
• Demonstrated experience in delivery of engagements and client management.
• Relevant professional qualifications such as CA, MBA, MCA, MS
• B.E/B.Tech (Electronics, Electronics & Telecommunications, Comp. Science)/MBA/M.Sc. having experience with other Big3 or panelled IT/ ITeS companies.

Certifications (Preferred)

• Relevant professional certifications such as CISA, CISSP, CRISC, ISO27001 etc.
• Certifications in Cloud platforms such as Azure, AWS, GC etc.

Job Location:

Hyderabad