Security Consultant

Job Description

IntroductionInformation and Data are some of the most important organizational assets in today s businesses. As a Security Consultant, you will be a key advisor for IBM s clients, analyzing business requirements to design and implement the best security solutions for their needs. You will apply your technical skills to find the balance between enabling and securing the client s organization with the cognitive solutions that are making IBM the fastest growing enterprise security business in the world.Your Role and Responsibilities A Cybersecurity & Governance Risk and Compliance Consultant career path should be multi-pronged. Cybersecurity & Governance Risk and Compliance Consultant should possess strong multi-tasking skills and enthusiasm for details and should think one step ahead of cybercriminals. He / She should be well prepared to deal with high situations and thrive in a fast-paced environment.Looking for an experienced Cybersecurity & GRC professional, with a great track record for managing the execution of Cybersecurity & GRC programs. Must excel in organizing, planning and delivering results and relish working with others to achieve critical security outcomes. You assess and help clients develop Cybersecurity programs and build in those requirements into product offerings & services as well as day-to-day business processes. You will work directly with the other teams to implement and maintain a sustainable Cybersecurity & GRC programs for IBM clients.Role and Responsibilities
• Developing recommendations to design and/or strengthen Cybersecurity programs for organizations and assist in improving their efficiency and effectiveness, adding value to the organization.
• Support periodic organizational and service level risk and impact assessments to identify IT, Security & Privacy risks in a manner that helps clients comply with multiple regulations/frameworks that use a risk based approach to implementing Cybersecurity practices.
• Meet with clients to research and understand requirements for solutions centered on development of Cybersecurity & Risk Management programs (CEA, NIST CSF, CIS, ISO 27001 etc.).
• Analyze control related gaps/non-conformities/findings in the context of the Cybersecurity and Risk Management program.
• Drive sound risk management and reporting functions.
• Speaking to clients using PowerPoint Presentations skill on Cyber Security Solutions & Initiatives.
• On an as-needed basis, provide advisory services to other teams on maintaining compliance with the IT, Privacy and Security policies and standards through the course of their business operations and support client audit/assessment activities.
• Participate in governance activities such as creation and review of security policies, plans, and procedures and providing recommendations to comply with applicable cybersecurity framework.
• Develop statement of work (SoW) with task lists and estimated level of effort (LOE) for various types of projects in support of various Cybersecurity & GRC solutions.
• Reviewing technical, administrative, and physical security controls and providing recommendations to mitigate the identified security risks
• Continuously update the skills and knowledge to keep up with the changing threat landscape for the specific industry of the client and energy sector will be an advantage.
Required Technical and Professional Expertise
• Desirable 10 + years of work experience information security
• Hands-on Ops and/or auditing experience & knowledge of but not limited to following:
  • SIEM / log management & monitoring solutions
  • Data leakage solution
  • Email Security and MDM Solution
  • Firewall and Cloud Proxy
  • IAM & PIM Solutions
• Work with multiple cross functional teams to enhance and maintain a Cybersecurity Controls Framework that meets multiple regulatory/industry best practices security and privacy standards.
• Gather and maintain library of objective evidence to show ongoing compliance with the documented controls.
• Strong understanding and knowledge of risk assessment, and security assessments
• Facilitate/support client audit/assessment activities.
• Execute ongoing organizational assessments to identify technology, security & privacy risks.
• Test Controls and log, track and report on control related gaps/non-conformities including validation of remediation plans.
• Use GRC toolset to automate processes and programs to gain efficiencies.
• Participate in governance activities to provide feedback and maintain security & privacy policies, standards and procedures/guidance documents.
• Comfortable presenting to CIO/CISO/CTO solution demonstrations and virtual whiteboard sessions
• Knowledge of cloud concepts, IaaS, PaaS, SaaS, etc. Specially AWS & Azure
• Knowledge of all infrastructure layers, hardware, OS, virtualization, storage, network, database and security
• Knowledge of threat advisories and threat Intel and hunting.
• Knowledge of standards and regulatory like NIST, CIS, ISO 27001, 27002, 22301, PCI-DSS, Cyber-crime act etc.
• Prior Consulting Experience is a preferred but not a strict requirement
Preferred Technical and Professional Expertise
• Proven communication and presentation skills
• Analytical and reporting skills
• Experience in working within highly regulated environments
• Time-management skills
• Act as a team player and/or work independently
• Demonstration of interest in Information Security and Information Risk management
• Exposure in Renewable Energy Sector will be an advantage.
• Degree in Information Technology or Computer Science or Network / Telecommunications Engineer B.Tech., B.E, MCA, M.Sc. IT.(Mandatory either of these)
• Professional Qualifications Mandatory Any Certification in cyber security (CEH, OSCP, CISM, CISA, GCIH etc.), ISO 27001 LI/LA
,

Keyskills :
grcsaptroubleshootingenvironmentcustomer relationspci dssiso 27001service levelcyber securitylog managementrisk managementrisk assessmentcomputer sciencerenewable energytechnical skillsequipment supplyinformation riskprivacy policiesphys