Target Firms:

KPMG, FIS, Wipro, PwC, EY, BDO, Protiviti , Infosys, Network Intelligence, RNR, RSM.

Description
As part of the Cyber Strategy and GRC team, the Deputy Manager will play a key role in helping clients strengthen their cybersecurity posture through effective governance, risk management, and compliance programs. The role requires close collaboration with internal teams and clients to identify risks, implement controls, and deliver measurable security improvements.

Key Responsibilities

• Build and maintain strong working relationships with clients and internal teams to exceed client expectations

• Develop, implement, and maintain risk and governance frameworks

• Assess client information security posture, identify gaps and risks, and recommend mitigation strategies

• Recommend security solutions aligned with business objectives and evolving threat landscapes

• Conduct third-party and vendor security risk assessments

• Define and implement Third-Party Risk Management (TPRM) frameworks

• Perform cybersecurity maturity assessments using frameworks such as NIST CSF, NIST 800-53, and ISO 27001

• Lead and support ISO 27001 ISMS implementation and sustenance engagements

• Drive risk identification, evaluation, mitigation, and continuous monitoring activities

• Deliver actionable insights and security improvement roadmaps

• Review and evaluate application security architectures, including secure SDLC, threat modeling, and secure coding practices

• Plan, execute, and report IT and OT security audits

• Conduct Information Systems audits covering IT infrastructure assets

• Manage security and cyber strategy projects and guide teams on day-to-day execution

• Support clients in reviewing and implementing information security controls including:

  • Change management

  • Incident management

  • Backup and recovery

  • Identity and access management

  • Antivirus and endpoint security

  • SLA monitoring and reporting

  • Media handling and information exchange

  • Physical and environmental security

• Conduct and support PCI DSS assessments and gap analysis

• Guide remediation efforts to ensure ongoing compliance

• Ensure compliance with cybersecurity regulations and guidelines issued by RBI, SEBI, IRDA, BCAS, NCIIPC, and other authorities

• Track regulatory changes and integrate updates into cybersecurity programs

• Understand cloud service models and security controls across AWS, Azure, and Google Cloud

• Plan and execute ITGC testing (access management, change management, operations controls)

• Identify control gaps and support remediation activities

• Interact with clients, managers, and partners to build long-term relationships

• Tailor firm tools, templates, and methodologies to meet client requirements

Education & Certifications

• B.E / B.Tech (Tier 1 or Tier 2) or Master’s degree in Information Security, Computer Science, or related field

• Preferred certifications:
  CISSP, CISA, CISM, CRISC, ISO 27001 LA/LI, ISO 31000 LA/LI, ISO 22301 LA/LI, ITIL, PCI QSA, PMP

Skills & Experience

• 6–8 years of experience in cybersecurity consulting, GRC, risk management, and compliance

• In-depth knowledge of security frameworks and standards such as NIST, ISO 27001, COBIT, ITIL

• Experience establishing and managing enterprise risk governance frameworks

• Strong experience in IT and OT security audits and ITGC testing

• Experience designing and implementing security programs and compliance initiatives

• Knowledge of regulatory compliance requirements (RBI, SEBI, IRDA, PCI DSS, etc.)

• Experience advising on secure cloud architectures across AWS, Azure, and Google Cloud

• Strong analytical, communication, and stakeholder management skills

• Ability to independently define project scope and lead delivery teams