SRC - Cyber Strategy and Resilience - Senior Associate

5 - 8 years


Posted: 1 day ago | Platform: LinkedIn


Work Mode

On-site

Job Type

Full Time

Job Description

At PwC, our people in risk and compliance focus on maintaining regulatory compliance and managing risks for clients, providing advice, and solutions. They help organisations navigate complex regulatory landscapes and enhance their internal controls to mitigate risks effectively. In regulatory risk compliance at PwC, you will focus on confirming adherence to regulatory requirements and mitigating risks for clients. You will provide guidance on compliance strategies and help clients navigate complex regulatory landscapes.
  • Strong understanding of security strategy, program design, security assessments and deep technical controls.
  • Lead portions of cybersecurity strategy, maturity, and framework assessments (e.g., NIST CSF, ISO 27001), including analyzing findings, validating evidence, and developing higher-level insights and recommendations.
  • Drive current-state assessments, identify meaningful control or capability gaps, and help design strategic roadmaps, remediation plans, and transformation pathways aligned to client objectives.
  • Lead current-state assessments, perform gap analyses, and develop roadmap plans with effort estimations. Experience applying these methods across at least two industry frameworks such as NIST CSF, NIST 800-53, CIS, FFIEC, ISO 27001, etc.
  • Synthesize complex assessment findings into structured, client-ready deliverables: risks, observations, gap summaries, or strategic recommendations.
  • Hands-on experience designing and implementing program frameworks, including defining program objectives, vision and mission statements, governance structures, target operating models, and first/second/third line of defense responsibilities.
  • Proven experience creating, writing, reviewing, and maintaining cybersecurity standards, policies, and procedures.
  • Conduct threat modeling using established frameworks (e.g., MITRE ATT&CK, STRIDE), identify potential attack paths or capability gaps, and incorporate insights into assessments, recommendations, and resilience planning.
  • Ability to interpret and assess enterprise security architecture, infrastructure configurations, SaaS, PaaS, APIs, network designs, data flow maps, cloud architecture layouts, etc.
  • Experience assisting with cloud security design, including reviewing baseline security, compliance, and configuration requirements across AWS, Azure, or GCP environments.
  • Ability to assess cloud architectures from a security perspective, including evaluating current and target-state designs, identifying compliance and security requirements, and defining secure cloud migration strategies.
  • In-depth understanding of IT cyber resilience architecture, business continuity (BCP), disaster recovery (ITDR) and relevant cybersecurity standards such as ISO 22301, NIST SP 800-61, DORA and other industry regulations.
  • Experience with GenAI/LLMs to automate and enhance GRC processes.
  • Experience implementing or evaluating AI governance and risk controls aligned with frameworks such as NIST AI RMF or ISO 42001, to guide AI system design, control definition, and responsible AI practices.
  • Experience developing AI tools/agents to automate compliance reporting, policy updates, regulatory summaries, evidence collection, and control testing.
  • Ability to design AI-powered chatbots for internal regulatory/controls guidance.
  • Strong project management and stakeholder management skills, with the ability to independently manage workstreams, coordinate team activities, and maintain clear communication with clients to drive delivery.
  • Ability to collaborate with cross-functional cybersecurity teams to capture, document, and operationalize cybersecurity processes.
  • Experience in implementing effective and innovative technology solutions.
  • Experience with cyber defense technologies such as SIEM, SOAR, and EDR/XDR platforms.
  • Familiarity with security operations, including vulnerability management, incident handling, cyber threat intelligence, and proactive threat hunting.
  • Ability to track emerging digital business trends and evolving threats to ensure they are incorporated into security strategy and architecture.
  • Understanding of secure software development practices (SSDLC) and the ability to integrate security controls throughout the SDLC.
  • Experience performing application security assessments, including threat modeling, code reviews, and static/dynamic application security testing (SAST/DAST/SCA).
  • Experience with application security tools such as Veracode, Fortify, Checkmarx, SonarQube, Burp Suite, or similar platforms is good to have.
  • Proven capability to independently drive cybersecurity and GRC initiatives end-to-end, including assessment, remediation planning, stakeholder alignment, and execution.
  • Demonstrated leadership skills and team management capabilities, including providing direction to team members and contributing to effective client management through proactive engagement and issue resolution.
  • Proficiency with Microsoft 365 and the Microsoft Office Suite (Word, Excel, Access, PowerPoint).
  • Good presentation, project management, facilitation and delivery skills, as well as strong analytical and problem-solving capabilities.
  • Excellent written and verbal communication skills, with the ability to articulate complex concepts clearly and contribute effectively in team settings.
  • Consistently communicates and drives objectives using fact-based decision-making that balances risk mitigation with business performance.

Professional & Educational Background

  • MCA / BE / B Tech / MS (Field of Study: Computer and Information Science, Information Cybersecurity, Information Technology, Management Information Systems).
  • Certification(s) Preferred: Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), or Certified in Risk and Information Systems Control (CRISC).

Minimum Years Experience Required

5-8 Years
