Associate Cyber Strategy

Job Description o   Lead and support risk assessments of new and existing technology initiatives, products, and services. o   Conduct deep-dive risk reviews of IT and Cyber domains such as Identity & Access Management, Network Security, Incident Management, Data Protection etc. o   Advise business and IT stakeholders on risk mitigation strategies and control enhancements. ·       Technology Risk Oversight o   Provide independent oversight and challenge to first line technology risk activities, controls, and remediation plans. o   Review and assess technology risk and control self-assessments (RCSAs), risk registers, and key risk indicators (KRIs). o   Monitor emerging technology risks (e.g., AI, quantum, etc.) and escalate as appropriate. ·       Policy & Framework Review & Development o   Contribute to the development, maintenance, and enhancement of technology risk management frameworks, policies, and standards. o   Ensure alignment with regulatory expectations (e.g., FFIEC, NIST, ISO 27001) and industry best practices. ·       Cyber Maturity Review & Challenge o   Review quarterly cyber maturity reviews performed by first-line and challenge the outcomes with clear reasoning. ·       Reporting & Communication o   Prepare and present technology risk reports, dashboards, and insights for senior management and governance committees. o   Communicate complex technology risk concepts in clear, business-focused language Requirements Qualifications: Must Have Skills/Project Experience/Certifications: ·       Bachelor’s degree in information technology or related field ·       1-3 years information security experience with 3+ years of experience in technology risk management ·       Excellent verbal and written communication ·       Understanding and knowledge of industry standards and industry frameworks (e.g., COBIT, COSO, ISO 27001, PCI, NIST) ·       Experience of implementing and operationalizing technology risk management programs. ·       Understanding of security requirements, contributions to security design and hands-on implementation of multiple security technologies and capabilities ·       Hands on experience working with stakeholders in identifying, prioritizing and developing plans and roadmaps for cyber security programs ·       Broad domain knowledge and strong understanding of three or more cyber security domains including (but not limited to): ·       Cyber risk strategy ·       Cyber risk program management and delivery ·       Cyber security operations ·       Security architecture ·       Data protection ·       Application security/SDLC ·       Third party risk management ·       Cloud security ·       Cyber Threat Intelligence ·       Security Operations Center ·       Incident Response ·       Cyber Resilience Good to Have Skills/Project Experience/Certifications:  ·       CISSP / CRISC (or equivalent) Education:  ·       B.E. / B.Tech + MBA (Preferred) Requirements Must Have Skills/Project Experience/Certifications: · Bachelor’s degree in information technology or related field · 3-5 years information security experience with 3+ years of experience in technology risk management · Excellent verbal and written communication · Understanding and knowledge of industry standards and industry frameworks (e.g., COBIT, COSO, ISO 27001, PCI, NIST) · Experience of implementing and operationalizing technology risk management programs. · Understanding of security requirements, contributions to security design and hands-on implementation of multiple security technologies and capabilities · Hands on experience working with stakeholders in identifying, prioritizing and developing plans and roadmaps for cyber security programs · Broad domain knowledge and strong understanding of three or more cyber security domains including (but not limited to): · Cyber risk strategy · Cyber risk program management and delivery · Cyber security operations · Security architecture · Data protection · Application security/SDLC · Third party risk management · Cloud security · Cyber Threat Intelligence · Security Operations Center · Incident Response · Cyber Resilience Good to Have Skills/Project Experience/Certifications: · CISSP / CRISC (or equivalent) Education: · B.E. / B.Tech + MBA (Preferred)