Job Description
Key Responsibilities: As part of our Cyber strategy team, you will build and nurture positive working relationships with teams and clients, with the aim of exceeding client expectations.
- Develop, implement, and maintain risk and governance frameworks.
- Guide teams and handle the client's information security posture: identify gaps and risks in the existing environment and develop solutions to mitigate them.
- Recommend security solutions and enhancements aligned with business goals and threat landscape.
- Conduct security risk assessments of third-party vendors and service providers.
- Define TPRM frameworks and integrate them into the overall risk management program.
- Perform cybersecurity maturity assessments using established frameworks such as NIST CSF, NIST-800-53, and ISO 27001.
- Front-end teams for ISO 27001-based Information Security Management System implementation and sustenance projects.
- Lead risk identification, evaluation, mitigation, and monitoring activities.
- Deliver actionable insights and improvement roadmaps based on assessment results.
- Understand and evaluate application security architectures, including secure SDLC practices, threat modelling and secure coding standards.
- Plan, execute, and report on comprehensive IT and OT security audits.
- Lead teams or work as a team member to conduct Information Systems audits covering IT infrastructure assets.
- Manage security and cyber strategy projects, guide the team on a day-to-day basis, and ensure that assigned tasks and responsibilities are fulfilled in a timely fashion.
- Assist clients in reviewing and implementing Information Security controls in areas including, but not limited to: change management process, incident management process, backup process, user identity and access management, antivirus management, SLA performance and monitoring, media handling and exchange of information, physical and environmental security, and media and information handling.
- Conduct and support PCI DSS assessments and gap analysis.
- Provide guidance for remediation efforts to ensure ongoing compliance.
- Demonstrate understanding of complex business and information technology management processes.
- Ensure compliance with cybersecurity guidelines and regulations issued by RBI, SEBI, IRDA, BCAS, NCIIPC, and other relevant bodies.
- Track evolving regulatory requirements and integrate changes into the cybersecurity program.
- Understand cloud service models and security controls across major platforms (AWS, Google Cloud, Azure).
- Plan and execute ITGC control testing covering areas such as access management, change management, and operations controls. Identify control gaps and support remediation efforts.
- Interact with clients, managers, and partners to build and nurture strong relationships.
- Tailor firm tools and methodologies as per client requirements.
Requirements
Desired qualifications
- B.E / B-Tech (Tier 1 / 2) or master’s degree in Information Security, Computer Science, or a related field.
- Professional certifications such as CISSP, CISA, CISM, CRISC, ISO 27001 LA / LI, ISO 31000 LA / LI, ISO 22301 LA / LI, CISA, ITIL or PCI QSA are preferred.
- 3 - 5 years of relevant experience in cybersecurity consulting, risk management, and compliance.
- In-depth knowledge of security frameworks and standards (e.g., NIST, ISO 27001, COBIT).
- Strong analytical, communication, and stakeholder management skills.