Cyber Security Consultant Threat Modeling

Job description

<p><p><b>Job responsibilities :</b><br/><br/><b>IT Risk Management :</b><br/><br/>- Perform risk assessments to identify, evaluate, and mitigate potential threats and vulnerabilities in IT infrastructure, networks, applications, and data.<br/><br/>- Develop and implement risk treatment plans to reduce identified risks to acceptable levels.<br/><br/>- Continuously monitor risk levels and update the risk management framework to reflect changes in the threat landscape.<br/><br/><b>SOC Operations Management :</b><br/><br/>- Oversee Security Operations Center (SOC) to ensure continuous monitoring, detection, and response to security incidents.<br/><br/>- Develop and refine incident response procedures and playbooks to address evolving threats.<br/><br/>- Implement SIEM (Security Information and Event Management) tools and use threat intelligence to proactively identify security anomalies.<br/><br/>- Lead forensic analysis and root cause investigation for security incidents, ensuring rapid containment and mitigation.<br/><br/>- Optimize SOC workflows by implementing automation for threat detection and response using SOAR (Security Orchestration, Automation, and Response).<br/><br/>- Establish and monitor KPIs for SOC performance to ensure operational effectiveness and timely incident resolution.<br/><br/><b>Cloud Security :</b><br/><br/>- Develop and implement cloud security strategies aligned with compliance standards such as ISO 27001, PCI DSS, and NIST CSF.<br/><br/>- Conduct security assessments for cloud platforms such as AWS, Azure, and GCP, ensuring best practices in IAM (Identity & Access Management), data encryption, and network security.<br/><br/>- Enforce CASB (Cloud Access Security Broker) solutions to secure SaaS applications and prevent unauthorized access.<br/><br/>- Implement cloud-native security controls such as CSPM (Cloud Security Posture Management) and CWPP (Cloud Workload Protection Platform) to enhance visibility and threat mitigation.<br/><br/>- Collaborate with DevOps teams to integrate security controls in CI/CD pipelines and cloud-native applications.<br/><br/>- Conduct cloud security risk assessments and provide recommendations to mitigate misconfigurations and vulnerabilities.<br/><br/><b>Compliance Management :</b><br/><br/>- Ensure compliance with regulations including RBI, NPCI, SEBI guidelines, ISO 27001, PCI DSS, and other security standards.<br/><br/>- Conduct regular compliance assessments to evaluate adherence to internal and external requirements.<br/><br/>- Update policies based on regulatory changes, educate employees, and ensure consistent adherence across departments.<br/><br/><b>Governance :</b><br/><br/>- Establish and update cybersecurity policies in alignment with RBI guidelines, ISO 27001, NIST, and PCI DSS standards.<br/><br/>- Implement governance frameworks to manage risks and strengthen information security strategies.<br/><br/>- Monitor cybersecurity programs and recommend improvements to enhance compliance and security posture.<br/><br/><b>Security Awareness :</b><br/><br/>- Design and implement awareness programs to educate employees on security policies and best practices.<br/><br/>- Conduct training sessions, workshops, and phishing simulations to promote a security-conscious culture.<br/><br/>- Measure the effectiveness of awareness initiatives through feedback, testing, and incident analysis.<br/><br/><b>KPI Reporting :</b><br/><br/>- Define and track key performance indicators (KPIs) for governance, risk management, compliance, and security awareness.<br/><br/>- Analyse cybersecurity metrics and generate reports for senior management to aid decision-making.<br/><br/>- Use KPI data to drive continuous improvements in the cybersecurity program.<br/><br/><b>What are we looking for :</b><br/><br/>- Comprehensive knowledge of RBI & NPCI guidelines, ISO 27001, NIST, PCI DSS, and other security standards.<br/><br/>- Expertise in governance, risk, compliance (GRC), SOC operations, and cloud security.<br/><br/>- Proficiency in SOC operations, SIEM tools, incident response, threat intelligence, and forensic analysis.<br/><br/>- Hands-on experience with cloud security frameworks, DevSecOps, and cloud-native security solutions.<br/><br/>- Ability to proactively identify risks and implement mitigation measures to reduce exposure.<br/><br/>- Foster a security-first culture through training and awareness programs.<br/><br/>- Monitor and improve policies and frameworks to address evolving cybersecurity threats and regulatory changes.<br/><br/>- Strong communication and interpersonal skills to effectively convey security matters to technical and non-technical stakeholders.<br/><br/>- Entrepreneurial skills, ability to observe, innovate, and take ownership of security initiatives.<br/><br/>- Detail-oriented and organized with strong time management skills.<br/><br/>- Influencing skills and the ability to create positive working relationships with team members at all levels.<br/><br/>- A collaborative approach and work with perfection as a group effort to achieve organization goal.<br/><br/><b>Education Qualification Graduate :</b><br/><br/>- Good to have certifications CISM, CISSP.<br/><br/><b>Experience :</b> 10+ years.<br/><br/><b>Industry :</b> Banking /Fintech.<br/><br/><b>Location :</b> Bengaluru/Noida.<br/><br/><b>What do we offer :</b><br/><br/>- An organization where we strongly believe in one organization, one goal.<br/><br/>- A fun workplace which compels us to challenge ourselves and aim higher.<br/><br/>- A team that strongly believes in collaboration and celebrating success together.<br/><br/>- Benefits that resonate We Care</p><br/></p> (ref:hirist.tech)

Required Skill Profession

Computer Occupations