Security Consultant (GRC)

The Security Consultant GRC (Governance, Risk, and Compliance) is a client-facing role for a seasoned professional providing cybersecurity advisory for designing, implementing, and managing frameworks that ensure an organization's IT systems, policies, and processes adhere to legal, regulatory, and internal standards. They act as trusted advisors, bridging the gap between technical teams and business stakeholders to mitigate risks. 
The role also involves conducting Cybersecurity Maturity Assessments, Audits through evaluation of an organization's IT infrastructure, policies, and procedures against industry standards to identify risks, vulnerabilities, and compliance gaps.
Often project-based and involves working at customer sites. Performance is typically measured by the capture of the consulting engagement, utilization (i.e., billable hours) and/or delivery of agreed solutions within budgeted hours.

Key Responsibilities:

As a Security Consultant in APAC Security Consulting practice of NTT Data’s Cybersecurity business, this role will execute and lead client engagements focusing on the delivering and management of Cybersecurity consulting practice work for Singapore and wider ASEAN/APAC region. This position would be having following key responsibilities:

Deliver and lead GRC (Governance, Risk and Compliance) security consulting projects covering the following key areas:

• Support security consulting pre-sales work (e.g. writing SoWs, proposals etc.)

• Be flexible to acquire new skills and show willingness in learning/re-learning and un-learning things as needed for the success

  of this role and the overall security consulting practice

• Demonstrate strong skills in analysing customer business processes and technical environments

• Provide consultancy advices to client in closing technology control gaps / vulnerabilities in a practical way

• Demonstrate commitment to delivering projects within time and in budget and to a high level of customer satisfaction

• Be able to liaise and work closely with clients across multiple consulting GRC projects and handle stakeholder expectations

• Actively participate in knowledge sharing with all team members

• Keep all records/working papers complete and up-to-date, ensuring team leader/members are kept informed on progress

• Aid the practice in developing/maintaining its processes, methodologies and procedures

Knowledge and Attributes:

• Experienced in supporting consulting pre-sales work (e.g. writing SoWs, proposals etc.)

• Demonstrate excellent skills in structured problem-solving techniques, creativity and intelligence in the development of solutions to customer problems

• Be self-motivated and self-disciplined with a demonstrable and successful track record in delivering consultancy projects to all sizes of organizations

• Must have good presentation skills with the ability to present to audiences of both business and IT stakeholders

• Strong understanding of information technology and information security

• Solid understanding of security risks and preventative controls

• Excellent understanding of security operational processes and controls

• Service consulting aptitude, focusing on the business, service and sales aspects

• Excellent verbal and written communication skills

• Demonstrate impeccable attention to detail are able to translate internal customer requirements into solutions

• Maintain up-to-date knowledge of security threats, countermeasures, security tools, and network technologies

• High level of drive and ability to work under pressure

• Ability to build and maintain cross-functional relationships with a variety of stakeholders

• Understanding of relevant laws, regulations, and compliance frameworks affecting the technology sector.

• Good ability to assess and manage cybersecurity risks at both organizational and project levels.

• Good knowledge of security frameworks and standards like NIST, ISO/IEC 27001, CIS, etc.

• Must be a good team player

• Demonstrates commitment to delivering projects within time and in budget and to a high level of client satisfaction

Academic Qualifications and Certifications:

• Bachelor's degree or equivalent in Information Technology or Computer Science or Engineering or related field.

• Industry relevant certifications such as CISSP, CISM, CEH, GSEC or CompTIA Security+ essential.

Required experience:

• Possess at least 7 years of working experience related to information security consulting with a minimum of 5 years of hands on experiences on GRC practice areas

• Required degree level education, or significant experience and track record with tertiary qualifications on relevant domains,

  including computer science, computer engineering and information security

• Seasoned demonstrable experience in the Information Technology Security Industry or relevant experience in similar role within a related environment.

• Seasoned experience with security architecture design principles, industry compliance and standards such as ISO 27000, PCI DSS, NIST, HIPAA or others.

• Seasoned experience with security tools and techniques to cover SANS Top 25, OWASP or others.

• Seasoned experience working in a multi-team environment across multiple geographies.

• Information security and audit certifications such as ISO 27001 LI, ISO 27001 LA, CISA, CRISC, CISSP