A

Grc Consultant

Atos · Bengaluru, Karnataka, India - Mumbai, Maharashtra, India

3–9 yrs experiencefull_timePosted 3w ago
Apply now →

Job description

**Location** - Mumbai & Bangalore **Experience** - 7+ years **Role & responsibilities** - Hands on experience in Information Security and cybersecurity standards (PCI DSS, SWIFT CSP, ISO 27001:2022, ISO 27701, SOC2 etc) - Develop and implement cybersecurity standards, procedures. And guidelines for multiple cybersecurity standards (PCI DSS, SWIFT CSP, ISO 27001:2022, ISO 27701, SOC2 etc) - Analyse security requirements, perform risk assessments, and identify potential vulnerabilities within IT systems. - Should be adept at conducting gap analysis, risk assessments to identify threat and vulnerabilities based on NIST, ISO. PCI DSS, SWIFT frameworks. - Analyse Cardholder data flows (Business and application data flows) and accordingly identify the risks to cardholder data, provide guidance to clients on PCI DSS awareness. - Conduct regular PCI DSS audits to ensure secure payment transactions and adherence to PCI DSS Standard. - Work independently or collaborate with teams to collect, analyse, consolidate evidence of clients PCI DSS compliance, should have written or supported in writing AOC and ROCs. - Conduct current-state assessment of data flows to identify sensitive datasets requiring obfuscation. - Develop a comprehensive data obfuscation framework including governance model, workflows, and control points. - Deliver documentation, playbooks, and knowledge transfer to internal stakeholders for long-term sustainability. - Provide guidance on tool selection and integration within existing data management and DevOps environments. - Establish validation and monitoring controls to ensure data integrity and protection effectiveness. - Should be able to understand and explain technical vulnerabilities. - Intermediate knowledge on Active directory, firewalls, routers, switches, SCCM, MacAfee security products, DLP, Secure coding practices and product security **Must Have Skills :** - Excellent communication and presentation skills. - Able to effectively interact with various functions. - **Good to have Skills / Certification Minimum**: PCI DSS QSA, PCIP, or PCI ISA, ISO27001:2022, ISO 27701, ISO 22301 Lead Auditor or implementor course - **Good to have**: PCI DSS QSA, PCIP, or PCI ISA, CISSP, CISA, CISM, ISO22301 - **Qualification** BE/ BTech, MCA, MBA with specialization in Information Security. - **Critical Thinking**: Analysing information, problem-solving, and making informed judgments. - **Collaboration skills**: Working effectively with legal, IT, engineering, and business teams **Education Qualification**: - B-Tech, BCA, MCA, BE-Computer science, MBA – Information Technology, or specialization in Information security Compliance Frameworks. - Deep knowledge of PCI DSS, SWIFT CSP, NIST CSF, ISO 27001, GDPR.