Senior Consultant - IT Security

Key Deliverables

• Provide support as Lead implementor towards ISMS and PIMS policies, procedures, and guidelines and ensure to perform regular review and update.
• Gather evidence of continuous compliance with ISO 27001:2022 and ISO 27701:2019, DPDPA, IT Act and Cert In Regulation including audit logs, records of reviews, timely closure of open audit and risks and sharing the report with management.
• Conduct regular, documented information security and privacy risk assessments on Security Tools and Technologies by identifying assets, threats, vulnerabilities, likelihood, and impact.
• Prioritize identified vulnerabilities, detailed findings, remediation recommendations, trending reports on vulnerability posture towards closure with stakeholders.
• Implementation of a comprehensive, ongoing security project plan for remediation of open audit gaps.
• Prepare regular report on overall information security posture, GRC maturity, and risk landscape to relevant stakeholders.
• Perform Root Cause Analysis and lessons learned from information security incidents, actively participate in audits and support internal IT staff to perform technical assessments and controls with evidence.
  

Key Relationships:

• Internal IT and business customers in MSR,
• Global/Local IT Vendor, market and global (HQ) colleagues,
• IT vendors, contractors (where applicable).
  

Skills:

• Must have ISO 27001 Lead Implementer and ISO 27701 Lead Implementer certifications.
• In depth understanding of IT Act, DPDPA, Cert In regulations, CIS Controls as well as UK DPA and ISO 31000
• Good to have certification on CISM (Certified Information Security Manager), CISSP (Certified Information Systems Security Professional) and Cloud Security certifications (e.g., CCSK, CCSP, vendor-specific like AWS Security Specialty)
• Familiarity with common vulnerability scanning tools like Qualys (features, reporting, agent-based vs. network scans) and Cloud Security Posture Management (CSPM) tools like Wiz (cloud service provider configurations, misconfigurations, compliance checks in AWS, Azure, GCP).
• Conduct and lead IT DR drills and Tabletop exercises with internal IT teams.
• Hands on knowledge on common security technologies (e.g., firewalls, EDR, Cloud Security, VAPT tools, SIEM, WAF, DLP, PAM, BAS, encryption etc.,).
• Ability to handle and manage Endpoint, Perimeter, Cloud and Data Security technical consoles with configuration and fine tuning of policies.