ADVISORY (IT - ADVISORY) - RISK SECURITY LEAD CONSULTANT 

 

Responsibilities

• Act as the Subject Matter Expert for Security and Risk Assessment activities
• Perform security and/or risk assessments in a fast-paced environment along with providing timely and practical recommendations to mitigate the identified risks
• Lead discovery workshops with other consultants and key stakeholders, both in IT and other business units
• Perform quality assurance on project deliverables (i.e. technical report, executive report, strategy & roadmap, etc.)
• Leads project management and client management
• Facilitate Security Training and Awareness
• Participate in pre-engagement and business development activities
  • Scoping/discovery meeting with clients
  • Development of proposal (technical and commercial) and presentation to clients
  • Adherence with company risk management guidelines on engaging with clients
  • Monitoring of pursuits from identification to engagement conversion
  • Client Management all throughout the sales process 

 

Qualifications

• Has more than 5 years’ experience in Information Technology
• Has more than 3 years’ experience in security assessments (Vendor Security Risk Assessments, ISMS/NIST Assessment, SOC 2 Type 2 Assessment, RCSA, Configuration Review, Architecture Review, Controls Review) (Mandatory)
• Has at least 1 year’ experience in IT Risk Assessments (or facilitated more than 2 IT Risk Assessment projects)
• Has more than 1 year’ experience in Project Management (or acted as Project Manager for more than 2 projects) (Preferred)
• Has at least 1 year ‘experience in Business Development (Proposal development, Sales presentation, business case & portfolio development, etc.) (Preferred)
• Working experience in Data Privacy (PDPA, GDPR, DPA of 2012)
• Working experience in Security Awareness and Training
• Specific 2 years ‘experience in consulting/advisory engagements (preferred)
• Strong knowledge in IT Audit/Assessments and/or Maturity Assessments
• Strong knowledge on information security standards and guidelines such ISO 27001/2, NIST, CIS, PCI DSS and SWIFT CSP
• Understanding of Security Operations Center processes and relevant technologies
• Understanding of Cloud Compute, Storage, Security and Virtualization best practice
• Good communicator and ability to interact with all levels within an organization
• Good in technical writing and infographic reporting
• Strong time management skills which allow for multi-tasking while managing shifting priorities
• Proven history of providing exemplary customer service to both internal and external stakeholders
• Preferably has at least one of the following certifications:
  • ISC2 CISSP
  • ISMS LA/LI
  • SACA CISA or CRISC

Relevant certifications for PCI DSS; SWIF, HITRUST and other industry security standards/guidelines