Deputy Manager | Risk Assessment and Management | Pune | Cyber Strategy & Transformation

Develop, implement, and manage a comprehensive risk management program to identify, assess, and mitigate cybersecurity risks across IT/IS systems and processes.- Continuously monitor the risk landscape, ensuring effective implementation and maintenance of mitigation strategies, while reporting on compliance with relevant laws, regulations, and industry standards.- Lead audits and assessments to verify cybersecurity compliance, providing remediation guidance for identified gaps, and staying up to date with regulatory changes.- Implement and maintain cybersecurity controls and frameworks, including NIST CSF, NIST 800-53, ISO/IEC 27001,ensuring alignment with industry standards and organizational needs.- Manage the organizations ISO/IEC 27001 certification process, including the development and maintenance of an Information Security Management System (ISMS), conducting internal audits, gap analyses, and preparing for external audits.Support the client CISO and CIO function in developing IT/IS control library for Access management, Cloud security, Data and Records, Security and monitoring, Data Privacy, vulnerability Management etc.Design and execute IT/IS controls testing strategies to evaluate the design adequacy and operating effectiveness of controls.Review policies, procedure and key operating documents and assist in rationalize the controls for review to identify potential treatment for Control Definitions based where controls remain, then these will flow into the control design adequacy assessment process to uplift the IT/IS control definition documentation.Design, document, and regularly update a cybersecurity control framework that complies with relevant industry standards and regulatory requirements (e.g., NIST, ISO/IEC 27001, CIS, PCI DSS, RBI, SEBI, IRDA, DPDPA, GDPR, DORA).- Conduct workshops with senior stakeholders to appraise them of cybersecurity frameworks and control requirements, ensuring continuous improvement of the organizations cybersecurity posture. Qualifications:- Bachelors degree in information technology, Computer Science, or a related field (or equivalent experience).- 5-8years of relevant experience in information security, cyber security compliance, risk assessment or a similar role- Good understanding of IT and IS control frameworks ( NIST, COBIT, ITIL, CSF, ISO 27001, ITIL, COSO etc.)- Good understanding and Indian and global cyber security regulations- Excellent communication and documentation skills.- Ability to work independently and as part of a team.- Experience with risk management, compliance, and audit processes.- Mandatory Certifications: ISO27001:2022, CISA, CISM, CRICS- Preferred Certifications:CISSP.