Job Description
Profile:
Assistant Manager - Cyber Strategy & Risk
Experience:
7 to 10 years in Cyber
•Deliver end-to-end cyber strategy, governance, risk, and compliance engagements across domains including cyber maturity assessment, risk quantification, policy and standards, risk frameworks, and regulatory assessments
•Perform cyber maturity and risk quantification assessments using industry frameworks (e.g., NIST, ISO), including current state analysis, gap identification, target state definition, and translation of cyber risks into business insights
•Develop cybersecurity policies, standards, and procedures, and support design and implementation of risk management frameworks, including governance structures, risk taxonomy, and regulatory alignment
•Execute cyber framework, compliance and risk assessments, including control mapping, design and effectiveness testing, and support remediation and control optimization
•Support third-party risk assessments and related program enhancements, with working familiarity in data privacy regulations and privacy risk considerations
•Prepare high-quality, client-ready deliverables aligned to engagement objectives and firm standards
•Work closely with client stakeholders to conduct workshops, interviews, and walkthroughs, and communicate findings and recommendations in a clear and structured manner
•Oversee and guide consultants, review work outputs for quality, and support engagement planning, lead execution, tracking, and adherence to timelines and delivery standards
•Support proposal development, contribute to enhancement of methodologies and tools, and leverage data-driven and AI-enabled capabilities to improve efficiency of analysis and reporting
•Stay updated on emerging cyber threats, regulatory changes, and industry practices, and contribute to knowledge sharing and capability development within the team
Educational qualifications
•Bachelor's degree in Information/Cyber Security, Computer Science, Engineering, Business or related fields, from an accredited college/university or equivalent experience
•Preferred Professional Certifications: CISSP, CISM, CISA, CRISC, ISO 27001 LA, ISO 22301 LA, ISO 42001 LA
Work experience
•7–10 years of relevant cybersecurity experience, with focus on strategy, governance, risk, and compliance in a consulting environment (preferably Big 4 or equivalent)
•Proven experience in a client-facing role with demonstrated ability in leading projects and supervising team members
Mandatory technical & functional skills
•Strong knowledge and hands-on experience with cybersecurity frameworks and standards including ISO 27001, ISO 22301, NIST CSF / NIST 800-53, CIS, and Cybersecurity Maturity Model
•Demonstrable experience in delivering three or more of the following: cyber maturity assessments, cyber risk quantification, cybersecurity development, or policy/standards/framework development and third-party security risk assessment
•Experience in performing framework and compliance assessments, including control mapping, gap analysis, and evaluation of control design and effectiveness
•Proven experience in developing and reviewing cybersecurity policies, standards, procedures, and frameworks
•Ability to identify gaps and risks, translate and communicate technical cyber findings and risks into business-aligned insights and actionable recommendations for technical and business stakeholders
•Strong understanding of IT and enterprise environments, including infrastructure, applications, and key security domains (e.g., IAM, data security, cloud security)
•Proficiency in managing multiple engagements and deliverables, with experience in project planning, execution, stakeholder coordination, and quality review of outputs
•Ability to assess complex environments and deliver pragmatic solutions, supported by working knowledge of the evolving cyber and regulatory landscape
•Ability to use Generative AI tools and AI agents for automation, research, and content generation, with a critical, responsible, and ethical approach, including prompt design and application to streamline business and technical processes
Key behavioral attributes/requirements
•A proactive and self-motivated approach to work, with commitment to continuous learning and professional development
•Ability to work well independently as well as part of a team
•Driven and enthusiastic with a ‘can-do’ attitude and a strong sense of ownership to get the job done in a pragmatic fashion
•Strong analytical mindset with structured problem-solving abilities
•Excellent team player with ability to collaborate across cross-functional and client teams
•Strong communication, presentation, and report writing skills
•Ability to translate complex technical concepts into clear, business-aligned insights
•Team leadership and mentorship skills, with ability to guide and review junior team members
•Strong stakeholder management skills with ability to engage effectively with business and technology stakeholders
•High attention to detail and ability to manage multiple priorities in a dynamic environment
•Adaptability and critical thinking in navigating evolving cyber, regulatory, and client requirements