Rc Sprc Cyber Strategy Assoc

B.Tech/ MCA/ MBA with ISO 27001 Lead Auditor and up to 2 years of relevant experience inIT risk / cyber security / data privacy consulting
- In-depth knowledge of the security and privacy provisions of a variety of regulations and standards such as PCI, NERC/CIP, SOX, HIPAA/HITECH, FFIEC, EU Privacy Laws, ISO, and NIST 800 series
- Proficiency with a variety of Windows, Unix and Linux operating systems
- Experience with testing and development frameworks such as the Open Web Application Security Project (OWASP), Open Source Security Testing Methodology Manual (OSSTMM),the Penetration Testing Execution Standard (PTES), Information Systems Security Assessment Framework (ISSAF), and NIST SP800-115
- Qualified to pursue a job-relevant certification (CISA, CISM, CRISC, CISSP, CIPP, GIAC)
- Strong multi-tasking and project management skills
- Excellent verbal and written communication (English) as the position requires frequent communications with RSM International clients

Position Responsibilities

The Associate will be an integral team member by assisting in our Security, Privacy and Risk Consulting (SPRC) practice. The associate will work with teams of security and privacy staff in a wide variety of systems environments, which includes compliance, and governance of the Information Security and Data Privacy related needs of our clients. This team assists clients with selecting, improving, controlling, securing, managing and monitoring the appropriate systems to address their information needs. We serve a diverse base of clients in a variety of industries and understanding how technology impacts the operation and growth of organizations is what we do best.
- Develop an understanding of the RSM Security and Privacy Risk Consulting approach, methodology and tools
- Demonstrate understanding of cyber security, information security and data privacy, risk management frameworks and related regulatory and compliance standards
- Perform NIST based information security reviews based on the clients’ implementations of frameworks such as, NIST 800.53r4/5, FISMA, FedRAMP and NIST 800.171
- Assisting with building our security, privacy and risk practice through developing knowledge base and skill set
- Experience or knowledgeable of practices related to delivering data protection, breach management and regulatory privacy assessments.
- Performing risk analysis by reviewing the information security policy documents against industry standards/ regulatory requirements and drafting risk reports, which summarize the information security assessment including any risks to the organization
- Be able to communicate to clients regarding the strategic and tactical risks of advanced security threats, enterprise security management practices and innovative solutions to that help clients mitigate information security risk factors
- Communicate complex technical issues to client senior management through the ability to transform such data into layman and executive style reports and presentations
- Leverage industry and technical expertise to identify improvement opportunities for assigned clients and assist with the development of remediation services for identified findings
- Provide timely, high quality client service that meets or exceeds client expectations including coordinating the development and execution of the consulting work plan and client deliverables
- Understand RSM and RSM Delivery Center's LOB and work as a team in providing an integrated service delivery
- Execute components of cyber security engagements under offshoredelivery model in an effective and efficient manner
- Ensure that documentation is compliant with quality standards of the firm
- Exercise professional skepticism, judgment and adhere to the code of ethics while on engagements
- Work collaboratively as a part of the team and communicate effectively with RSM consulting professionals, supervisors, and senior management in the U.S. on a daily basis
- Manage multiple concurrent engagements and ensure service excellence through prompt responses to internal and external clients
- Open to work on other solution sets considering business requirements