SRC _Cyber Strategy and Resilience_Associate

0 years

0 Lacs

Posted: 2 days ago | Platform: LinkedIn

Work Mode

On-site

Job Type

Full Time

Job Description

At PwC, our people in risk and compliance focus on maintaining regulatory compliance and managing risks for clients, providing advice and solutions. They help organisations navigate complex regulatory landscapes and enhance their internal controls to mitigate risks effectively. In regulatory risk compliance at PwC, you will focus on confirming adherence to regulatory requirements and mitigating risks for clients. You will provide guidance on compliance strategies and help clients navigate complex regulatory landscapes.
  • Experience supporting cybersecurity strategy development, including helping analyze organizational priorities, assess strategic risks, and contribute to multi-year transformation or resilience roadmaps.
  • Experience supporting cybersecurity maturity assessments, audit readiness efforts, and framework evaluations (e.g., NIST CSF, NIST 800-53, CIS, ISO 27001), including developing analysis, evidence summaries, and assessment documentation.
  • Experience contributing to current-state reviews, identifying initial control or capability gaps, and supporting the development of strategic security roadmaps and prioritized recommendations.
  • Ability to synthesize assessment findings into clear, structured deliverables—such as risks, observations, gap summaries, or executive-ready insights—to support strategic decision-making.
  • Conduct threat modeling analysis using established frameworks (e.g., MITRE ATT&CK, STRIDE), identify potential attack paths or capability gaps, and incorporate insights into assessments, recommendations, and resilience planning.
  • Ability to interpret and assess Enterprise Security Architecture, Infrastructure Configurations, SaaS, PaaS, APIs, Network designs, data flow maps, cloud architecture layouts, etc.
  • Experience assisting with cloud security assessments, including reviewing baseline security, compliance, and configuration requirements across AWS, Azure, or GCP environments.
  • Understanding of business continuity, disaster recovery, operational resilience, and incident response concepts (e.g., BCP, DR, BIA, RTO/RPO), with the ability to support planning and documentation activities.
  • Familiarity with resilience and incident response standards such as ISO 22301, NIST SP 800-61, and regulatory expectations like DORA, with the ability to apply them in guided assessments or resilience uplift initiatives.
  • Ability to draft, refine, or update cybersecurity policies, standards, and procedures under the direction of senior team members, ensuring alignment with leading practices and business needs.
  • Experience using GenAI/LLM tools to streamline GRC tasks such as compliance reporting, evidence analysis, document reviews, and assessment preparation.
  • Familiarity with AI governance principles and emerging frameworks (e.g., NIST AI RMF, ISO 42001) with the ability to support basic assessments or control mapping activities.
  • Conceptual understanding of vulnerability management, threat intelligence, and incident response workflows, with exposure to security operations technologies (SIEM, IDS/IPS, EDR/XDR) and how they support detection, response, and resilience.
  • Proficiency with Microsoft 365 and Microsoft Office Suite (Word, Excel, Access, PowerPoint).

Desired Knowledge

  • Familiarity with cyber defense technologies such as SIEM, SOAR, and EDR/XDR platforms.
  • Familiarity with security operations, including vulnerability management, incident handling, cyber threat intelligence, and proactive threat hunting.
  • Conceptual understanding of secure software development; exposure to application security basics such as OWASP Top 10.
  • Experience supporting application security reviews or tool-enabled SAST/DAST/SCA analysis is a plus.
  • Ability to keep up with evolving cybersecurity and digital trends and connect them to business or security impacts.
  • Strong analytical and problem-solving ability, with willingness to learn complex security concepts over time.
  • Strong verbal and written communication skills, with the ability to summarize findings clearly and collaborate effectively with team members.
  • Ability to work both independently (within defined guidance) and as part of a larger security or GRC project team.
  • Organized, detail-oriented, and able to support multiple workstreams with appropriate prioritization.
  • Demonstrates curiosity, willingness to learn, and openness to developing deeper technical or governance expertise over time.

Professional & Educational Background

  • MCA / BE / B Tech / MS (Field of Study: Computer and Information Science, Information Cybersecurity, Information Technology, Management Information Systems).
  • Certification(s) Preferred: Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), or Certified in Risk and Information Systems Control (CRISC).
