Cyber Strategy

o   Lead and support risk assessments of new and existing technology initiatives, products, and services.

o   Conduct deep-dive risk reviews of IT and Cyber domains such as Identity & Access Management, Network Security, Incident Management, Data Protection etc.

o   Advise business and IT stakeholders on risk mitigation strategies and control enhancements.

       Technology Risk Oversight

o   Provide independent oversight and challenge to first line technology risk activities, controls, and remediation plans.

o   Review and assess technology risk and control self-assessments (RCSAs), risk registers, and key risk indicators (KRIs).

o   Monitor emerging technology risks (e.g., AI, quantum, etc.) and escalate as appropriate.

       Policy & Framework Review & Development

o   Contribute to the development, maintenance, and enhancement of technology risk management frameworks, policies, and standards.

o   Ensure alignment with regulatory expectations (e.g., FFIEC, NIST, ISO 27001) and industry best practices.

       Cyber Maturity Review & Challenge

o   Review quarterly cyber maturity reviews performed by first-line and challenge the outcomes with clear reasoning.

       Reporting & Communication

o   Prepare and present technology risk reports, dashboards, and insights for senior management and governance committees.

o   Communicate complex technology risk concepts in clear, business-focused language.

Qualifications:

Must Have Skills/Project Experience/Certifications:

       Bachelor’s degree in information technology or related field

       3-5 years information security experience with 3+ years of experience in technology risk management

       Excellent verbal and written communication

       Understanding and knowledge of industry standards and industry frameworks (e.g., COBIT, COSO, ISO 27001, PCI, NIST)

       Experience of implementing and operationalizing technology risk management programs.

       Understanding of security requirements, contributions to security design and hands-on implementation of multiple security technologies and capabilities

       Hands on experience working with stakeholders in identifying, prioritizing and developing plans and roadmaps for cyber security programs

       Broad domain knowledge and strong understanding of three or more cyber security domains including (but not limited to):

       Cyber risk strategy

       Cyber risk program management and delivery

       Cyber security operations

       Security architecture

       Data protection

       Application security/SDLC

       Third party risk management

       Cloud security

       Cyber Threat Intelligence

       Security Operations Center

       Incident Response

       Cyber Resilience

Good to Have Skills/Project Experience/Certifications: 

       CISSP / CRISC (or equivalent)

Education: 

       B.E. / B.Tech + MBA (Preferred)