Senior Security Consultant

Key Responsibilities

• Provide consulting to implement and manage Information Security Management Systems (ISMS) and apply IT Systems Continuity Management concepts to client environments.
• Collaborate with customers to understand their business goals and objectives, ensuring their expectations are exceeded by building and maintaining strong relationships.
• Utilize industry-standard security frameworks and standards such as ISO 27001:2022 to enhance customer security postures.
• Independently manage information security projects, ensuring adherence to deadlines and delivery goals. Efficiently allocate and manage project resources, and communicating project status and progress to stakeholders.
• Lead projects to identify and assess security controls, implementing enhancements based on key performance indicators (KPI) metrics for customer systems.
• Design and assist clients to implement information security controls that meet industry standards for customer environments. Report on the effectiveness of security controls to customer management and identify opportunities for improvement.
• Develop and document information security policies, processes, standards, and procedures. Ensure effective communication of these policies and procedures across the customer's organization.
• Identify and interpret legal, regulatory, and statutory information security compliance requirements relevant to customer operations.
• Plan and execute internal audits and support during external certification audits for customers, developing corrective action plans for audit findings.
• Monitor customer compliance through manual reviews and automated Governance, Risk, and Compliance (GRC) tools.
• Define and assess the customer's risk appetite and tolerance levels.
• Perform threat modeling and vulnerability/gap analysis for customer environments. Conduct risk assessment exercises and workshops, designing and implementing Risk Treatment Plans (RTPs).
• Develop and monitor Key Risk Indicators (KRIs) for customers.
• Communicate risk assessments and mitigation plans to senior management within customer organizations.
• Effectively communicate complex security concepts to both technical and non-technical customer audiences. Analyze complex security information to identify root causes and develop well-reasoned recommendations based on analysis.
• Creating elaborate reports and presentations about Security assessments/audits findings/observations
• Writing/ Documentation of organization level security policies, processes and procedures in collaboration with multiple stakeholders
• Organizing and conducting ISMS workshops and security awareness/training sessions effectively
• Stay updated on regional information security standards and regulations in GCC, India, Europe, and North America. Keep customers informed about the latest cybersecurity news and emerging threats.

Deliverables and Outcomes

• Build and maintain strong customer relationships, ensuring their business goals and objectives are met and incorporated in the security program.
• Successfully manage and deliver information security projects on time and within scope.
• Enable customers to comply with their regional IS regulations and keep customers informed of emerging cybersecurity threats.
• Identify, assess, and enhance security controls to meet industry standard benchmarks.
• Develop, document, and communicate comprehensive Information Security framework policies and procedures.
• Conduct compliance audits and continuously monitor adherence to legal and regulatory requirements.
• Define customer risk appetite, perform risk assessments, and implement Risk Treatment Plans.
• Present risk mitigation strategies to senior management and stakeholders.

Key Skills

1. Customer relationship management and relationship building

2. In-depth knowledge on ISO 27001:2022 standard clauses and ISO 27002 Annexure Control guidance

3. Knowledge about ISO 31000 or similar and its application on enterprise level

4. Organizing and conducting effective information security committee/Management review meetings and presentations

5. Understanding about information security principles (CIA) and its application on information system security

6. Application of data classification framework/concepts, Identity and Access Management Concepts, Secure Software Development Lifecycle concepts, network defense in depth concepts.

7. Working knowledge about cloud security concepts and any cloud platforms like Azure, AWS and/or GCP

8. Exposure on facilitating Security Assessments and assurance audits (internal & certification audits)

9. Working alongside with Security Operations Centre functions/incident management activities

Competencies

• Analysis Skills
• Independence
• Customer Focus
• Communications- Oral & written
• Team Player
• Persuasion
• Adaptability to Change
• Problem Solving Skills