• pratyin

Manager – GRC (Governance, Risk & Compliance)

Job Description

Job Summary

As a Manager in the Cyber Strategy and GRC team, you will lead complex governance, risk, and compliance engagements while building strong client relationships. You will guide teams, drive cybersecurity programs, and help organizations strengthen their security posture in line with regulatory and business requirements.


Key Responsibilities

  • Build and nurture strong working relationships with clients and internal teams to exceed client expectations

  • Develop, implement, and maintain enterprise risk and governance frameworks

  • Lead assessments of client information security posture, identify gaps and risks, and design mitigation strategies

  • Recommend security solutions aligned with business objectives and evolving threat landscapes

  • Conduct third-party and vendor security risk assessments

  • Define and integrate Third-Party Risk Management (TPRM) frameworks into enterprise risk programs

  • Perform cybersecurity maturity assessments using frameworks such as NIST CSF, NIST 800-53, and ISO 27001

  • Lead ISO 27001 ISMS implementation and sustenance engagements

  • Drive risk identification, evaluation, mitigation, and continuous monitoring activities

  • Deliver actionable insights and security improvement roadmaps based on assessment outcomes

  • Evaluate application security architectures including secure SDLC, threat modeling, and secure coding standards

  • Plan, execute, and report comprehensive IT and OT security audits

  • Lead Information Systems audits covering IT infrastructure and applications

  • Manage cybersecurity and cyber strategy projects, ensuring timely and high-quality delivery

  • Support clients in reviewing and implementing information security controls including:

    • Change management

    • Incident management

    • Backup and recovery

    • Identity and access management

    • Antivirus and endpoint security

    • SLA monitoring and performance management

    • Media handling and information exchange

    • Physical and environmental security

  • Conduct and support PCI DSS assessments and gap analysis

  • Provide strategic guidance for remediation and ongoing compliance

  • Ensure compliance with cybersecurity regulations and guidelines issued by RBI, SEBI, IRDA, BCAS, NCIIPC, and other authorities

  • Track regulatory changes and integrate updates into cybersecurity programs

  • Advise on cloud security controls across AWS, Azure, and Google Cloud platforms

  • Plan and execute ITGC testing covering access management, change management, and operations controls

  • Identify control gaps and lead remediation efforts

  • Interact with clients, managers, and partners to build long-term trusted relationships

  • Tailor firm tools, frameworks, and methodologies to meet client requirements


Education & Certifications

  • B.E / B.Tech (Tier 1 or Tier 2) or Master’s degree in Information Security, Computer Science, or related field

  • Preferred certifications:
    CISSP, CISA, CISM, CRISC, ISO 27001 LA/LI, ISO 31000 LA/LI, ISO 22301 LA/LI, ITIL, PCI QSA


Skills & Experience

  • 7–10 years of experience in cybersecurity consulting, GRC, risk management, and compliance

  • Deep expertise in security frameworks and standards such as NIST, ISO 27001, COBIT, and ITIL

  • Strong experience leading GRC programs and managing multi-stakeholder engagements

  • Proven ability to lead teams and deliver complex cybersecurity projects end-to-end

  • Strong understanding of regulatory requirements and compliance landscapes

  • Excellent analytical, communication, and stakeholder management skills

Offered Salary

₹ 30 LPA

Job Details

  • 8 years of experience
  • 1 Openings
  • 30 LPA
  • Gurgaon
