Cyber Security Consultant

Functional Expertise  Lead and manage the organization’s Information Security Risk and Governance framework, ensuring alignment with business objectives and compliance requirements.  Draft, implement, and continuously improve security policies and procedures in alignment with regulatory requirements and industry standards. Ensure consistent enforcement of security policies across all departments.  Develop, implement, and monitor risk management policies, procedures, and controls to safeguard the organization & information assets.  Lead and manage Third-Party Risk Management efforts, assessing and mitigating risks posed by vendors, partners, and other third-party entities.  Collaborate with procurement and legal teams to develop and enforce security requirements in contracts and service agreements with third-party vendors.  Conduct risk assessments and ensure compliance with contractual and regulatory security requirements.  Lead incident response and investigations, providing subject matter expertise to mitigate security incidents, conducting root cause analysis, and recommending improvements to prevent future incidents.  Conduct comprehensive risk assessments and security audits across IT infrastructure, applications, and third-party systems to identify vulnerabilities and gaps, ensuring compliance with internal policies and external regulations.  Conduct regular risk assessments to identify vulnerabilities and threats and collaborate with relevant teams to define remediation strategies.  Oversee and manage the organization & information security governance structure, ensuring that security policies and procedures are communicated, adopted, and adhered to across the organization.  Establish and maintain a comprehensive risk register, and provide senior leadership with risk metrics and risk status updates.  Develop and provide security awareness training to employees, ensuring they are aware of the latest threats and best practices to follow.  Work with cross-functional teams to ensure compliance with relevant data protection laws, industry standards, and regulations (e.g., GDPR, ISO 27001, NIST, SOC 2, etc.). Qualification & Experience ● 6-8 years of hands-on experience in Information security governance with a focus on, Implementation Security strategies, RBI IT framework, ISO 27001 & Third-Party Risk Management. Proven track record of implementing and managing security Policies & strategy. Skills & know-how ● Minimum of 6 years of experience in information security, risk management, or related fields, with a proven track record in risk management governance and third- party risk management. ● Experience working with security frameworks, such as RBI MD IT, ISO 27001, NIST, and SOC 2, as well as industry regulations and standards (GDPR, DPDPA, etc.). ● Strong knowledge of third-party risk assessment methodologies and practices. ● Experience with tools and platforms for risk management, vendor management, and governance reporting. Behaviors ● Extremely high ownership with security mindset. ● Self-starter with a bias for action. ● Ability to operate in a high ambiguity environment. ● Robust Interpersonal Skills for collaborating with various Units for facilitating closures ● Effective Team Player. Show more Show less