Job Description
Profile:
Cyber Security Strategy & Governance Consultant
Experience:
4 to 7 years in cyber security
•Support delivery of cyber strategy, governance, risk, and compliance engagements across domains including cyber maturity assessment, risk quantification, policy and standards, risk frameworks, and regulatory assessments
•Perform cyber maturity and risk quantification assessments using industry frameworks (e.g., NIST, ISO), including supporting current state analysis, gap identification, and development of target state insights
•Assist in development of cybersecurity policies, standards, and procedures, and support design and implementation of risk management frameworks
•Perform cyber framework, compliance and risk assessments, including control mapping, gap analysis, and evaluation of control design and effectiveness
•Perform third-party risk assessments and related program activities, with exposure to data privacy and regulatory considerations
•Prepare structured, client-ready deliverables aligned to engagement objectives and firm standards
•Work with internal and client stakeholders to support workshops, interviews, and walkthroughs, and assist in communicating findings and recommendations
•Collaborate with team members and contribute to engagement execution, timelines, and delivery quality
•Support proposal development, methodology updates, and use of data-driven and AI-enabled tools to enhance analysis and reporting
•Stay updated on emerging cyber threats, regulatory changes, and industry practices
Educational qualifications
•Bachelor's degree in Information/Cyber Security, Computer Science, Engineering, Business or related fields, from an accredited college/university or equivalent experience
•Preferred Professional Certifications: CISSP, CISM, CISA, CRISC, ISO 27001 LA, ISO 22301 LA, ISO 42001 LA
Work experience
•4–7 years of relevant cybersecurity experience, with focus on strategy, governance, risk, and compliance in a consulting environment (preferably Big 4 or equivalent)
•Proven experience in a client-facing role with demonstrated ability in leading projects and supervising team members
Mandatory technical & functional skills
•Strong knowledge and hands-on experience with cybersecurity frameworks and standards including ISO 27001, ISO 22301, NIST CSF / NIST 800-53, CIS, or Cybersecurity Maturity Model
•Experience in delivering three or more of the following: cyber maturity assessments, cyber risk quantification, cybersecurity development, or policy/standards/framework development and third-party security risk assessment
•Experience in performing framework and compliance assessments, including control mapping, gap analysis, and evaluation of control design and effectiveness
•Experience in supporting development and review of cybersecurity policies, standards, procedures, and frameworks
•Ability to identify risks and gaps, and translate technical findings into clear, business-aligned insights for stakeholders
•Understanding of IT environments, including infrastructure, applications, and key security domains (e.g., IAM, data security, cloud security)
•Support delivery of engagements, including execution, stakeholder coordination, and timely delivery of outputs
•Ability to assess structured problem statements and contribute to development of pragmatic solutions, with awareness of evolving cyber and regulatory landscape
•Ability to use Generative AI tools and AI agents for automation, research, and content generation, with a critical, responsible, and ethical approach, including prompt design and application to streamline business and technical processes
Key behavioral attributes/requirements
•A proactive and self-motivated approach to work, with commitment to continuous learning and professional development
•Ability to work well independently and as part of a team
•Driven and enthusiastic with a pragmatic and solution-oriented mindset
•Strong analytical mindset with structured problem-solving abilities
•Excellent team player with ability to collaborate across cross-functional and client teams
•Strong communication, presentation, and report writing skills
•Ability to translate technical concepts into clear, business-aligned insights
•Ability to work effectively with stakeholders across business and technology teams
•High attention to detail and ability to manage multiple priorities in a dynamic environment
•Adaptability and critical thinking in navigating evolving cyber, regulatory, and client requirements