Cyber Security Consultant

Job responsibilities :IT Risk Management :- Perform risk assessments to identify, evaluate, and mitigate potential threats and vulnerabilities in IT infrastructure, networks, applications, and data.- Develop and implement risk treatment plans to reduce identified risks to acceptable levels.- Continuously monitor risk levels and update the risk management framework to reflect changes in the threat landscape.SOC Operations Management :- Oversee Security Operations Center (SOC) to ensure continuous monitoring, detection, and response to security incidents.- Develop and refine incident response procedures and playbooks to address evolving threats.- Implement SIEM (Security Information and Event Management) tools and use threat intelligence to proactively identify security anomalies.- Lead forensic analysis and root cause investigation for security incidents, ensuring rapid containment and mitigation.- Optimize SOC workflows by implementing automation for threat detection and response using SOAR (Security Orchestration, Automation, and Response).- Establish and monitor KPIs for SOC performance to ensure operational effectiveness and timely incident resolution.Cloud Security :- Develop and implement cloud security strategies aligned with compliance standards such as ISO 27001, PCI DSS, and NIST CSF.- Conduct security assessments for cloud platforms such as AWS, Azure, and GCP, ensuring best practices in IAM (Identity & Access Management), data encryption, and network security.- Enforce CASB (Cloud Access Security Broker) solutions to secure SaaS applications and prevent unauthorized access.- Implement cloud-native security controls such as CSPM (Cloud Security Posture Management) and CWPP (Cloud Workload Protection Platform) to enhance visibility and threat mitigation.- Collaborate with DevOps teams to integrate security controls in CI/CD pipelines and cloud-native applications.- Conduct cloud security risk assessments and provide recommendations to mitigate misconfigurations and vulnerabilities.Compliance Management :- Ensure compliance with regulations including RBI, NPCI, SEBI guidelines, ISO 27001, PCI DSS, and other security standards.- Conduct regular compliance assessments to evaluate adherence to internal and external requirements.- Update policies based on regulatory changes, educate employees, and ensure consistent adherence across departments.Governance :- Establish and update cybersecurity policies in alignment with RBI guidelines, ISO 27001, NIST, and PCI DSS standards.- Implement governance frameworks to manage risks and strengthen information security strategies.- Monitor cybersecurity programs and recommend improvements to enhance compliance and security posture.Security Awareness :- Design and implement awareness programs to educate employees on security policies and best practices.- Conduct training sessions, workshops, and phishing simulations to promote a security-conscious culture.- Measure the effectiveness of awareness initiatives through feedback, testing, and incident analysis.KPI Reporting :- Define and track key performance indicators (KPIs) for governance, risk management, compliance, and security awareness.- Analyse cybersecurity metrics and generate reports for senior management to aid decision-making.- Use KPI data to drive continuous improvements in the cybersecurity program.What are we looking for :- Comprehensive knowledge of RBI & NPCI guidelines, ISO 27001, NIST, PCI DSS, and other security standards.- Expertise in governance, risk, compliance (GRC), SOC operations, and cloud security.- Proficiency in SOC operations, SIEM tools, incident response, threat intelligence, and forensic analysis.- Hands-on experience with cloud security frameworks, DevSecOps, and cloud-native security solutions.- Ability to proactively identify risks and implement mitigation measures to reduce exposure.- Foster a security-first culture through training and awareness programs.- Monitor and improve policies and frameworks to address evolving cybersecurity threats and regulatory changes.- Strong communication and interpersonal skills to effectively convey security matters to technical and non-technical stakeholders.- Entrepreneurial skills, ability to observe, innovate, and take ownership of security initiatives.- Detail-oriented and organized with strong time management skills.- Influencing skills and the ability to create positive working relationships with team members at all levels.- A collaborative approach and work with perfection as a group effort to achieve organization goal.Education Qualification Graduate :- Good to have certifications CISM, CISSP.Experience : 10+ years.Industry : Banking /Fintech.Location : Bengaluru/Noida.What do we offer :- An organization where we strongly believe in one organization, one goal.- A fun workplace which compels us to challenge ourselves and aim higher.- A team that strongly believes in collaboration and celebrating success together.- Benefits that resonate We Care (ref:hirist.tech)