SRC _Tech and cyber risk and Compliance_Senior Associate

Technology Risk

• Manage and interpret cyber and technology regulatory requirements to ensure alignment with enterprise risk frameworks and support compliance with global and regional regulations.
• Conduct cyber and technology compliance readiness assessments to evaluate organizational control posture and deliver clear reporting on gaps, risks, and improvement opportunities.
• Develop and maintain cyber and technology control frameworks, performing control mapping, testing, and automation initiatives to strengthen control assurance and operational efficiency.
  

Regulatory

• Perform cyber and technology risk assessments, quantifying risk exposure and preparing structured, stakeholder-ready regulatory and governance reporting.
• Execute regulatory gap assessments and design targeted playbooks and remediation plans that drive alignment with cyber, technology, and regulatory expectations.
• Support remediation efforts for regulatory findings and improve control environments for sustained compliance.
• Develop regulatory reports and board-level dashboards, providing visibility into cyber risk posture, technology controls, compliance metrics, and emerging regulatory trends.
  

Compliance

• Design and implement 1LOD and 2LOD cyber and technology compliance programs, including governance structures, control frameworks, and monitoring mechanisms.
• Support technology implementation programs in collaboration with GRC functions, ensuring alignment to regulatory standards and compliance-by-design principles.
• Manage cyber and technology regulatory responses, coordinating documentation, evidence, and remediation efforts for regulatory inquiries and examinations.
• Oversee compliance programs aligned to frameworks such as NIST, ISO 27001, PCI DSS, HIPAA, HITRUST, and FFIEC, ensuring effective adoption and certification of readiness.
• Perform end-to-end cyber and technology control testing to validate control effectiveness, identify weaknesses, and recommend risk-based corrective actions.
• Conduct internal and external control assessments to evaluate the adequacy and operational effectiveness of cybersecurity and technology control environments.
• Lead cybersecurity and technology maturity assessments, benchmark current-state maturity, defining target maturity levels, and recommending uplift strategies.
• Execute information security assessments across policies, processes, controls, and technologies to identify risks and improvement opportunities.
• Support internal audit reviews of technology and cybersecurity functions, validating adherence to standards, policies, and regulatory expectations.
• Conduct readiness assessments for regulatory exams, certification audits, and compliance initiatives to ensure organizational preparedness.
• Policy and standard management include writing, reviewing, updating, and managing lifecycle technology, security, risk, and compliance with policies and con
  

Minimum Years Experience Required

• Possess working knowledge of AI/GenAI technologies, including understanding of AI risks, responsible AI principles, and the ability to integrate AI-enabled solutions into technology risk, compliance, and automation initiatives.
• Strong understanding of cloud platforms and cloud security principles in modern enterprise environments.
• The candidate should possess hands-on experience in at least two to three core skills within compliance and regulatory domains.
• Excellent written and oral communication skills, can express thoughts clearly, know how to listen and is able to contribute to a team environment.
• Must communicate consistently and drive objectives, relying on fact-based decisions about risk that optimize the trade-off between risk mitigation and business performance.
• Demonstrates proven extensive abilities with leveraging creative thinking and problem-solving skills, individual initiative, and utilizing Office 365, MS Office (Word, Excel, Access, PowerPoint) and Google Docs.
• Ability to create domain-specific training content and deliver training effectively.
• Good presentation, project management, facilitation and delivery skills as well as strong analytical and problem-solving capabilities.
• Develop/implement automation solutions and capabilities that are clearly aligned to client business, technology and threat posture.
• Demonstrates ability to track developments and changes in digital business and threat environments to ensure that they're adequately addressed in client’s security strategy plans and architecture artifacts.
• Good Knowledge and experience with GRC tools such as MetricStream, Open Pages, Archer and data analytics & visualization tools used in the Industry such as PowerBI, Alteryx and Tableau.
  

Professional & Educational Background

• MCA / BE / B Tech / MS (Field of Study: Computer and Information Science, Information Cybersecurity, Information Technology, Management Information Systems).
• Certification(s) Preferred: Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), or Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC).