Security Consulting

ValueMentor Infosec Pvt. Ltd.

Thrissur

in 1 month

Key Responsibilities

· Provide consulting to implement and manage Information Security Management Systems (ISMS) and apply IT Systems Continuity Management concepts to client environments.

· Collaborate with customers to understand their business goals and objectives, ensuring their expectations are exceeded by building and maintaining strong relationships.

· Utilize industry-standard security frameworks and standards such as ISO 27001:2022 to enhance customer security postures.

· Independently manage information security projects, ensuring adherence to deadlines and delivery goals. Efficiently allocate and manage project resources, and communicate project status and progress to stakeholders.

· Lead projects to identify and assess security controls, implementing enhancements based on key performance indicator (KPI) metrics for customer systems.

· Design and assist clients to implement information security controls that meet industry standards for customer environments. Report on the effectiveness of security controls to customer management and identify opportunities for improvement.

· Develop and document information security policies, processes, standards, and procedures. Ensure effective communication of these policies and procedures across the customer's organization.

· Identify and interpret legal, regulatory, and statutory information security compliance requirements relevant to customer operations.

· Plan and execute internal audits and provide support during external certification audits for customers, developing corrective action plans for audit findings.

· Monitor customer compliance through manual reviews and automated Governance, Risk, and Compliance (GRC) tools.

· Define and assess the customer's risk appetite and tolerance levels.

· Perform threat modeling and vulnerability/gap analysis for customer environments. Conduct risk assessment exercises and workshops, designing and implementing Risk Treatment Plans (RTPs).

· Develop and monitor Key Risk Indicators (KRIs) for customers.

· Communicate risk assessments and mitigation plans to senior management within customer organizations.

· Effectively communicate complex security concepts to both technical and non-technical customer audiences. Analyze complex security information to identify root causes and develop well-reasoned recommendations based on that analysis.

· Create detailed reports and presentations on security assessment/audit findings and observations.

· Write and document organization-level security policies, processes, and procedures in collaboration with multiple stakeholders.

· Organize and conduct ISMS workshops and security awareness/training sessions effectively.

· Stay updated on regional information security standards and regulations in GCC, India, Europe, and North America. Keep customers informed about the latest cybersecurity news and emerging threats.

Deliverables and Outcomes

· Build and maintain strong customer relationships, ensuring their business goals and objectives are met and incorporated into the security program.

· Successfully manage and deliver information security projects on time and within scope.

· Enable customers to comply with their regional IS regulations and keep customers informed of emerging cybersecurity threats.

· Identify, assess, and enhance security controls to meet industry-standard benchmarks.

· Develop, document, and communicate comprehensive Information Security framework policies and procedures.

· Conduct compliance audits and continuously monitor adherence to legal and regulatory requirements.

· Define customer risk appetite, perform risk assessments, and implement Risk Treatment Plans.

· Present risk mitigation strategies to senior management and stakeholders.

Key Skills

  1. Customer relationship management and relationship building

  2. In-depth knowledge of ISO 27001:2022 standard clauses and ISO 27002 Annex control guidance

  3. Knowledge of ISO 31000 or similar and its application at the enterprise level

  4. Organizing and conducting effective information security committee/management review meetings and presentations

  5. Understanding of information security principles (CIA) and their application to information system security

  6. Application of data classification frameworks/concepts, Identity and Access Management concepts, Secure Software Development Lifecycle concepts, and network defense-in-depth concepts

  7. Working knowledge of cloud security concepts and cloud platforms such as Azure, AWS and/or GCP

  8. Exposure to facilitating security assessments and assurance audits (internal and certification audits)

  9. Working alongside Security Operations Centre functions and incident management activities