Location: Bangalore
Experience: 10 to 15 years

About the role

Strengthen cyber risk management system, in a context of evolving threats, increased requirements from regulators and the continuous transformation of business infrastructures and services. As such, it wishes to benefit from the consultant's expertise in terms of:

1. Cyber Risk Analysis,
2. identification and assessment of vulnerabilities,
3. definition of remediation plans,
4. and support for project and operational teams in risk management.

As observed in the existing services related to cybersecurity, the mission is part of the overall cyber strategies as well as best practices in risk management.

Scope of the Role

The service covers the entire cyber risk analysis cycle, and includes support for projects, operational teams, and security governance.

Internal Risk Analysis

1. Carrying out risk analyses on applications, infrastructures, flows, IT projects and exposed devices.
2. Methodology inspired by EBIOS RM
3. Assessment of threat scenarios, business impacts, and probability of occurrence.
4. Analysis of deviations from internal standards and recommendations.

Third-Party Risk Analysis (TPRM)

1. Review of the risks related to service providers, SaaS/IaaS/PaaS providers.
2. Evaluation of the security measures taken, risk scoring, definition of action plans.
3. TPRM Steering Support

Project safety support

1. Integration of security requirements (Secure by Design).
2. Participation in architecture workshops, approvals, and design reviews.
3. Recommendations on technical choices.

Risk Monitoring and Governance

1. Updating of risk registers.
2. Follow-up of actions, decisions, acceptances and justifications
3. Contribution to safety committees.

Monitoring, repositories and standards

1. Cyber monitoring (technical, regulatory and sectoral).
2. Participation in the updating of safety policies, standards and guides, practice already observed.

Candidate Profile:

1. Risk analysis methodologies (ISO 27005, NIST RMF, optional EBIOS RM as it is a French ANSSI methodology a training will be performed by SSG France).
2. In-depth knowledge of network, application and cloud architecture.
3. Security best practices (OWASP, CIS Benchmarks, NIST SP 80053).
4. Understanding of IAM/PAM, DevSecOps, API security.
5. CRISC / CISSP certified
6. ISO 27005 / CISM

Transversal skills

1. Ability to analyze and formalize.
2. Autonomy, strength of proposal.
3. Pedagogy and effective communication, in line with the profiles sought within the Group
4. Good Communication & Stakeholder Management skills

Qualification & Certifications

 

1. Engineering graduate - preferably B.E. /B.Tech in IT or Computer Engineering
2. At least one Certification Preferred:-
3. CRISC / CISSP certified
4. ISO 27005 / CISM

At our organization, we are committed to fighting against all forms of discrimination. We foster a work environment that is inclusive and respectful of all differences.

All of our positions are open to people with disabilities.