Posted By

109

JOB VIEWS

39

APPLICATIONS

7

RECRUITER ACTIONS


Posted in

IT & Systems

Job Code

1533109

Technology Risk Advisory - Senior Management role


ROLE SUMMARY:


- The Associate Director of Technology Risk Advisory (TRA) will lead and oversee the development and growth of a high-performing Technology Risk Advisory practice.


- The role involves strategic planning, team building, client engagement, and service delivery while ensuring excellence in Cybersecurity, Governance, Risk, and Compliance (GRC), Technology Operations (TechOps), Security Operations (SecOps), and Global Privacy Regulations.


- This leader will focus on delivering client-centric solutions and building a robust practice.

JOB DESCRIPTION:

Practice Management:

Operations:

- Develop a strategic roadmap to build and scale the Technology Risk Advisory practice.

- Design service offerings in Cybersecurity GRC, TechOps, SecOps, and Privacy Advisory.

- Establish robust frameworks, methodologies, and tools for delivering advisory services.

- Develop and implement cybersecurity frameworks based on ISO 27001, NIST CSF, COBIT, and other standards.

- Guide security operations, including SIEM, threat intelligence, and incident response.

- Offer advisory on technology operations, including IT infrastructure optimization and DevSecOps integration.

- Ensure compliance with global privacy regulations (GDPR, CCPA, HIPAA, etc.).

- Design privacy programs, data protection mechanisms, and compliance monitoring systems.

- Maintain a strong understanding of emerging regulations and their impact on clients.

- Sign off on client cybersecurity strategies, encompassing threat management, incident response planning, business continuity, and disaster recovery.

- Ensure the effective execution of multiple projects simultaneously, adhering to project timelines, scope, and budget requirements.

Profitability/Revenue Management:

- Increase topline revenue for the Practice as per predefined goals, while maintaining the practice gross margin.

- Budget management & optimization.

- Take responsibility for the IT Governance, Risk Management and Compliance budget.

- Business Relationship Management for IT Governance and Risk - this role will be a critical interface between the Firm's Leadership and the TRA team and will be required to present to the Leadership and the Executive teams periodically.

- Identify, prioritize, define and refine the Information Security strategy through the evaluation of new approaches and solutions in collaboration with the Managing Committee.

Sales & Marketing Support:

- Drive growth through business development, partnerships, and client acquisition strategies.

- Identify market trends and position the practice as a thought leader in the industry.

- Develop marketing strategies, including whitepapers, webinars, and industry events.

- Support the Sales teams for deal closures.

- Create visibility for the practice on various platforms and among a larger network.

- Provide technical support to the sales & marketing team on practice service verticals

- Support the business development process, including proposal development, client pitches, and contribution to marketing efforts.

- Development of the Practice and promotion of the Firm's brand name via articles in publications, regular update management for clients, speaking at seminars, etc.

People Management:

- Ensure that personal and team objectives and strategy are aligned to departmental and organizational goals, and actively tracked and reported on across the year.

- Build and manage a team, including recruitment, appraisals, developing training material, providing training to team members, and technically guiding the teams in completing their assigned deliverables.

- Review of efficient and effective planning, selection and team management of all resources throughout the year, including temporary resource redeployment within team/with other departments.

- Build and mentor a high-performing team with a blend of technical and advisory expertise.

- Retention of existing employees and measurable attrition management.

- Address issues at emotional/infrastructural level at work being faced by teams, take responsibility for team building and career development of the team.

- Identify training needs of teams and assist in skill building wherever required.

- Ensure strategic resource planning, coupled to long term forecasting via the Annual Business Plan and 3/5 year plans, and in collaboration with HR.

- Succession planning for all critical roles within the team.

Client Management & Quality:

Client Management:

- Act as a trusted advisor to clients, providing expert insights into technology risk management.

- Develop solutions aligned with client needs, industry standards, and regulatory requirements.

- Drive impactful outcomes and engage with senior client stakeholders, including CXOs and board members.

- Serve as the primary point of contact for key clients, managing expectations, building long-term relationships, and understanding their evolving technology risk needs.

- Provide thought leadership and expert guidance to clients on industry trends, regulatory developments, and emerging cybersecurity threats.

- Be part of critical client presentations and discussions to communicate project outcomes, cybersecurity vulnerabilities, and remediation strategies in a clear and actionable manner.

- Proactively identify opportunities to expand service offerings and assist clients in achieving their cybersecurity objectives.

- Manage current and develop new relationships and alliances.

Quality:

- Maintain quality across all projects and seek active feedback on the same from all internal/external stakeholders.

DESIRED CANDIDATE PROFILE:

To be tailor-fit for the above skillsets, you need to have the following:

Qualifications:

- Bachelor's/Master's degree in Computer Science, Information Security, or a related field.

- Professional certifications (CISSP, CISM, CRISC, CISA, or equivalent).

- Advanced certifications in privacy (CIPM, CIPT, or equivalent) preferred.

Experience:

- 12-14 years of experience in Cybersecurity GRC, TechOps, and SecOps, with at least 5 years in a leadership role.

- Proven track record of building and scaling advisory practices, preferably in a global context.

- Intermediate knowledge of global privacy regulations and related compliance requirements.

- Experience in performing/overseeing IT audits, control assessments, and developing cybersecurity strategies and risk management frameworks.

- Knowledge of ethical hacking techniques, threat modelling, and exploitation of security vulnerabilities.

- Prior business development, sales, client management and practice management experience.

- Experience of handling a large client portfolio with a strong professional network/presence.

- Strong experience in leading large teams and managing complex client engagements.

Skills:

- Advanced expertise in Cybersecurity frameworks, risk management, and operational security.

- Deep understanding of regulatory environments and privacy laws globally.

- Excellent leadership, communication, and stakeholder management skills.

- Strong business acumen, with the ability to identify and capitalize on market opportunities.

- In-depth knowledge of IT Governance, Risk, and Compliance (ITGRC) frameworks such as ISO 27001, NIST, COBIT, PCI DSS, and GDPR.
