Any certification: ITIL/CISA/CEH/OSCP/CCNP/CCNA/CISM/GIAC Penetration Tester (GPEN)
Qualification: Bachelor of Engineering or B.Tech or B.Com/MBA
The candidate required for this position must come from a Big 4 background, a well-known boutique cyber security firm, or the technology consulting industry.
Candidate must have overall service delivery experience around:
- VAPT
- Cyber Security Reviews and brand protection services
- IT Audits
- Vendor Audits
- Standard-specific compliance reviews and implementation experience (PCI DSS / ISO 27001 / COBIT)
Cyber Security:
- Vulnerability Assessment & Penetration Testing (VAPT)
- Network VAPT
The candidate must have deep experience in carrying out VAPT of the following network elements:
- Firewalls
- Core routers
- Core switches
- Wi-Fi networks
- Windows servers
- Web Application VAPT
The candidate must have strong experience in carrying out web application VAPT, including web crawling and building custom scripts for SQL injection and browser exploitation.
Mobile Security
The candidate must be adept at carrying out mobile security testing covering aspects like app VAPT and mobile app server VAPT, and preferably have some knowledge of mobile code review for popular platforms like iOS/Android.
Tools Experience
- Nmap
- Nessus
- Burp Suite
- Acunetix
- Aircrack-ng
- AirSnort
- Metasploit
- Maltego
- Shodan
- OWASP ZAP
- ADB
- iPad File Explorer
- Kali Linux
- Wireshark
- Live CDs like Katana
Scripting and coding experience (optional - good to have)
Python
PHP
BASH
Service-Specific Experience #2: Cyber Security Reviews
Cyber Security Review
The candidate is required to have deep technical knowledge and strong experience in carrying out detailed cyber security configuration reviews of systems such as:
- Windows servers
- AIX servers
- MS Exchange server
- Oracle and SQL Databases
- Firewalls (including rule base) (WAF familiarity will be an added advantage)
- SIEM (rule base including key correlation rules)
- DLP (events and rules)
- Backup platforms (e.g. Tivoli, Symantec etc.)
- Content filter gateways
- Apache web servers
Cyber Analytics
The candidate is also expected to have a reasonable understanding of logging formats for the above devices, and must have experience in using tools to analyze, at a minimum, web server logs, Windows event logs and firewall logs. The candidate must also be familiar with configuration benchmarks provided by various organizations.
Tools Experience
- SQL Server (for log analytics)
- Splunk knowledge will be an added advantage
Service-Specific Experience #3: IT Audits
The candidate must have reasonable experience in conducting IT audits, preferably for both Indian and international clients. Their IT audit experience must cover areas such as:
- Physical security
- Logical security
- Data center reviews
- MSSP reviews
- IT MS reviews
- SOC reviews
- Privacy reviews
The candidate must have experience in preparing audit committee decks and also presenting observations in pre-audit committees, risk committees and audit committees.
Service-Specific Experience #4: Vendor Audits
The candidate must have handled IS compliance of vendors for clients in the banking and insurance sector, leveraging standards such as SSA-AUP, ISO 27001 etc.
Service-Specific Experience #5: Standard-specific compliance reviews and implementation experience (PCI DSS / ISO 27001 / COBIT)
The candidate must have a reasonable conceptual understanding of information security frameworks like ISO 27001, PCI DSS, IT Act, RBI regulations, IRDA regulations and COBIT, and must have experience specific to those. Experience in the following will be good to have and a strong bonus:
- ISMS implementation
- ISMS audits based on ISO 27001
- COBIT implementation (good to have)
- IRDA gap audits
- RBI cyber audits
- RBI guideline audits
Sales Support Skills & Project Management
The candidate is expected to have the following skills:
Sales
- Account management for cyber security
- Periodically meet stakeholders to identify new opportunities
- Lead large multi team proposals
- Track the internet for RFP opportunities
- Conceptualize business proposals to be made for assignments
- Carry out and track RFP submissions
- Carry out internal risk clearance and management processes for client
- Assist senior management in research and writing technical white papers
Project Management
- Creation of project codes for time charging and expenses
- Staffing of projects - identification of resources available from resource pool
- Manage the project on the ground and deliver the allocated areas of the project
- Tracking time charged on projects
- Oversee activities of other team members to ensure quality delivery
- Be the first point for client for status update meetings and project escalations
- Build project presentations and audit reports
- Discuss the draft audit report for stakeholder buy-in
- Attend audit committees
Team development
- Build excellent and simplified training materials to train client teams and Junior team members
- Conduct knowledge sharing sessions for the teams below
Key soft skills and other requirements:
- The candidate is expected to have excellent analytical skills and report writing skills to ensure that deliverables for all assignments are well accepted by the clients.
- The candidate is also expected to have excellent presentation-making skills to ensure that report summaries are made into succinct, theme-based presentations to senior management.
- The candidate may be required to travel for short to long term assignments depending on client requirement.
- Must have been in a client facing role in addition to a technical role.
- Must have managed senior stakeholders at client (VP level, CISO, CIO, CTO and audit sub-committees)
If interested, please share your resume or contact 8851463922.