Security Consultant - GRC
IBM · Mumbai, Maharashtra, India
IBM · Mumbai, Maharashtra, India
**Key Responsibilities**; **SOC Governance Performance Management:**; - Define update security policies procedures - SCDs review and update - NIST Framework Adoption Alignment - Unified Compliance Framework - Configuration Review, Firewall, WAF, Proxy, NAC review as per SOP - Automate policy management - Evaluate risk management solutions - Change Management Review, SLAs reporting - Track, follow up and mitigate audit findings regulatory observations, Root Cause Analysis. - Ensure adherence to RBI, IRDAI, UIDAI, ISO 27001, IT Act 2000, NPCI, PCI-DSS, DPDPA - Maintain documentation for regulatory audits, Continuous compliance monitoring control testing - Report cybersecurity posture to leadership KRI KPI dashboarding reporting - Tracking follow-up on Exceptions Review (Change Request) - Maintain risk acceptance tracker (Change Management Request) - Create and maintain risk register (Cybersecurity domain) - **SOC Compliance Audit:**; - Serve as the primary point of contact for all internal and external audits related to SOC operations and tools. - Ensure SOC processes and documentation meet the requirements of relevant frameworks and standards such as**NIST CSF, NIST 800-53, ISO 27001, PCI-DSS, and SOC 2**;. - Manage the evidence collection process for audits, ensuring timely and accurate responses to auditor requests. **Security Tool Governance:**; - Govern the lifecycle of SOC tools (Firewall, WAF, Proxy, NAC), including policy configuration, user access reviews, and license management. - Ensure that detection content (rules, alerts, playbooks) is documented, updated, and aligned with the MITRE ATTCK framework. **Strategic Reporting Communication:**; - Prepare and present monthly and quarterly SOC performance and risk reports to senior - Translate technical SOC metrics into business-centric risk and impact language for non-technical stakeholders. Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise Required Professional and Technical Expertise\\* Required6+ years of experience in information security, with at least 5 years in a IT GRC, IT security auditing. Preferred technical and professional experience PreferredAt Least one Relevant certification require: - CRISC- Certified in Risk and Information Systems Control - CGRC- Certified in Governance, Risk Compliance - GIAC GSEC (Security Essentials) or GCIH (Incident Handler) - Experience with GRC platforms (e.g., ServiceNow IRC, RSA Archer). **Years of Experience:**; 6-8