Senior Consultant - IT Security

KeyDeliverables (Essential Functions & Responsibilities of the Job) :

• Providesupport as Lead implementor towards ISMS and PIMS policies, procedures, andguidelines and ensure to perform regular review and update.
• Gatherevidence of continuous compliance with ISO 27001:2022 and ISO 27701:2019, DPDPA, IT Act and Cert In Regulation including audit logs, records of reviews, timely closure of open audit and risks and sharing the report with management.
• Conductregular, documented information security and privacy risk assessments onSecurity Tools and Technologies by identifying assets, threats, vulnerabilities, likelihood, and impact.
• Prioritizeidentified vulnerabilities, detailed findings, remediation recommendations, trending reports on vulnerability posture towards closure with stakeholders.
• Implementationof a comprehensive, ongoing security project plan for remediation of open auditgaps.
• Prepareregular report on overall information security posture, GRC maturity, and risklandscape to relevant stakeholders.
• PerformRoot Cause Analysis and lessons learned from information security incidents, actively participate in audits and support internal IT staff to performtechnical assessments and controls with evidence.

KeyRelationships:

• InternalIT and business customers in MSR,
• Global/LocalIT Vendor, market and global (HQ) colleagues,
• IT vendors, contractors (where applicable).

Skills:

• Musthave ISO 27001 Lead Implementer and ISO 27701 Lead Implementer certifications.
• Indepth understanding of IT Act, DPDPA, Cert In regulations, CIS Controls as wellas UK DPA and ISO 31000
• Goodto have certification on CISM (Certified Information Security Manager), CISSP(Certified Information Systems Security Professional) and Cloud Securitycertifications (e.g., CCSK, CCSP, vendor-specific like AWS Security Specialty)
• Familiaritywith common vulnerability scanning tools like Qualys (features, reporting, agent-based vs. network scans) and Cloud Security Posture Management (CSPM)tools like Wiz (cloud service provider configurations, misconfigurations, compliance checks in AWS, Azure, GCP).
• Conductand lead IT DR drills and Tabletop exercises with internal IT teams.
• Handson knowledge on common security technologies (e.g., firewalls, EDR, CloudSecurity, VAPT tools, SIEM, WAF, DLP, PAM, BAS, encryption etc., ).
• Abilityto handle and manage Endpoint, Perimeter, Cloud and Data Security technicalconsoles with configuration and fine tuning of policies.