Consultant/Senior Consultant - Cyber Risk/Transformation

Job purpose:

- Security Consultant / Senior Security Consultant in the Risk Advisory team to work on various Cyber Transformation projects for our customers across the globe.

- An important part of your role will be to actively establish, maintain and strengthen internal and external relationships. You- ll also identify potential business opportunities for ORGANIZATION and GTH within existing engagements, and escalate these as appropriate. Similarly, you- ll anticipate and identify risks within engagements and share any issues with senior members of the team.

- In line with ORGANIZATION's commitment to quality, you- ll confirm that work is of the highest quality as per ORGANIZATION's quality standards, and is reviewed by the next-level reviewer. As an influential member of the team, you- ll help to create a positive learning culture, coach and counsel junior team members and help them to develop.

Your client responsibilities:

- Engage in Cyber Transformation projects

- Work effectively as a team member, sharing responsibility, providing support, maintaining communication and updating senior team members on progress

- Execute the engagement requirements, along with review of work by junior team members

- Help prepare reports and schedules that will be delivered to clients and other parties

- Develop and maintain productive working relationships with client personnel

- Build strong internal relationships within ORGANIZATION Advisory Services and with other services across the organization

- Contribute to people related initiatives including recruiting and retaining Cyber Transformation professionals

- Maintain an educational program to continually develop personal skills of staff

- Understand and follow workplace policies and procedures

Your people responsibilities:

- Building a quality culture at GTH

- Help senior team members in performance reviews and contribute to performance feedback for staff/junior level team members

- Manage the performance management for the direct reportees, as per the organization policies

- Foster teamwork and lead by example

- Training and mentoring of project resources

- Participating in the organization-wide people initiatives

- Excellent leadership skills

Mandatory skills:

- Strong knowledge of cyber / information security concepts, risk and controls concepts

- Strong knowledge of standards such as ISO 27001/2, ISO 22301, ISO 27018, PCI - DSS, NIST standards on Cyber Security, HITRUST, etc.

- Strong knowledge of regulations such as FISMA, HIPAA, Reg SCI, MAS, etc.

- Good knowledge of TCP/IP, concepts of OSI layer and protocols, networking and security concepts

- Good knowledge of OS (Windows / Linux) security, Database security

- Knowledge on tools like Nessus, BackTrack, NMAP, BurpSuite, etc. is a definite plus

- Familiar with OWASP and Secure SDLC standards / frameworks

- Good knowledge of IT infrastructure (switches, routers, firewalls, IDS, IPS, etc.)

- Good knowledge of Security architecture design and review

- Knowledge on reviewing firewall rulesets

- Experience in LAN/WAN architectures and reviews

- Governance and reporting

- Good knowledge of cyber threats and vulnerabilities related to platform and infrastructure

- Knowledge of vulnerability management

- Basic knowledge of encryption

- Knowledge of creation of cyber policies and procedures

- Graduates / BE - B. Tech / MCA / M. Sc. (Stats, Maths, Computer Science) / MBA with background in computer science and programming with 3 - 7 years of relevant work experience

- CISSP, CISA, CISM, CEH, ISO 27001 Lead Auditor and Lead Implementer

- Excellent business communication skills

Preferred skills:

- Security operations (SOC, SIEM) skills in assessment, design, architecture, management and reporting

- Knowledge of anti-virus solutions (e.g. Symantec, McAfee, etc.)

- Basic knowledge of incident management

- Knowledge on Privacy

- Deep domain experience in a specific sector

- Prior Client facing experience