Position: Senior Consultant – Risk & Compliance
Location: Noida
Experience: 6–10 years
Responsibilities:
· Independently manage multiple service engagements, ensuring customer service delivery according to the company quality guidelines & methodologies.
· Lead and manage data privacy and risk & compliance projects from initiation to completion, ensuring they are delivered on time, within scope, and within budget.
· Expertise in delivery of risk and compliance advisory services.
· Experience in conducting privacy risk assessments and data protection impact assessments (DPIAs), and advising on corrective measures to mitigate data privacy risks.
· Identify, develop, recommend and/or implement business processes to improve organizational privacy and information security compliance.
· Provide analysis of legislative requirements, emerging knowledge, and trends to make recommendations to management.
· Work with internal and external customers on consulting engagements and provide business as well as technical leadership to ensure that data, processes and technology are designed for data protection and compliance with standards such as SOC 1/2, NIST, PCI-DSS, CIS 8, ISMS, etc.
· Knowledge of information protection methodologies and concepts, such as identification and authentication, access control, inception, and audit trails.
· Work collaboratively with the practice leaders and provide end-to-end engagement leadership on the projects.
· Provide subject matter expertise to the engagement/project teams. Serve as the point of contact for requirements across various standards.
· Build and maintain customer relationships by understanding and being responsive to customer needs and ensuring high quality of work.
· Contribute to people and knowledge development initiatives within the team and organization.
· Maintain an up-to-date understanding of emerging trends in information security and apply new techniques and trends, in line with overall information security objectives and risk tolerance.
· Demonstrate strong analytical thinking and interpersonal skills, including the ability to research and understand sophisticated processes and effectively communicate them to interested parties.
Requirements
Skills Required:
· Demonstrate proficiency in standards such as ISO 27001/2, ISO 22301, ISO 27018, NIST standards on Cyber Security, HITRUST, ISO 27701, etc.
· Exhibit a good understanding of GDPR, CCPA, or other privacy laws.
· Excellent technical capabilities around information security, business continuity and technology risk assessments.
· Must be able to demonstrate outstanding communication skills to ensure the ability to articulate clearly and negotiate with the relevant stakeholders.
· Experience working with internal and external auditors/stakeholders/customers.
· Prior knowledge of and experience in testing internal controls specified in information security policies.
· Possess a sound knowledge of fundamentals of information security systems and data privacy requirements.
· Display competence in governance and reporting, as well as a strong grasp of cyber and privacy risks.
· Effectively manage workflow, including multiple projects, in a proactive and highly responsive manner.
· Strong attention to detail with an analytical mind and outstanding problem-solving skills.
· Knowledge of and auditing experience with regulations/acts/standards such as ISO 27001, NIST Cybersecurity Framework and Privacy Framework, SOC2, ISO 22301, NIST CSF and Cloud Security will be preferred.
· Ability to work on a flexible schedule when needed, as part of a cross-geography and cross-culture global team.
· Willingness to travel globally on a need basis.
Certifications:
ISO 27001 Lead Auditor, CRISC, CISA, CISM (Must have)
FIP-IAPP (Essential)
Knowledge of compliance standards like ISO 27001, NIST CSF, NIST 800-53, NIST 800-171, GDPR, SOX, SOC, HIPAA, FAIR, OWASP, CIS 20 (Good to have)