Key skills
Cyber SecurityAILeadershipCommunication
About this role
Role Overview
- Plan and execute internal cyber security audits and control reviews across applications, infrastructure, and business processes.
- Document findings, assess risk and impact, and track remediation through closure with respective teams.
- Conduct security due diligence for vendors and third parties: review security questionnaires, certifications, and technical controls to ensure they meet organizational requirements.
- Identify and track vendor risks, recommend mitigation measures, and support contractual security requirements where needed.
- Work with stakeholders to maintain and test business continuity and disaster recovery (BCP/DR) plans.
- Plan, coordinate, and document tabletop exercises and technical BCP/DR drills, track and follow up on corrective actions.
- Maintain up‑to‑date security policies, standards, procedures, and guidelines, ensuring alignment with NIST CSF, ISO 27001, and relevant regulations.
- Prepare regular reports and dashboards on audit findings, risk status, BCP drill outcomes, vendor risk posture, and ISMS/NIST CSF progress for management.
- Maintain and update the cyber risk register, working with control owners and business stakeholders to identify, assess, and prioritize risks.
- Perform risk assessments (likelihood/impact), propose risk treatment options (mitigate, accept, transfer, avoid), and track treatment plans to closure.
- Develop and deliver cyber security awareness sessions and targeted training for employees, including phishing awareness, secure handling of data, and role‑based security topics.
- Create clear, engaging communication materials (presentations, FAQs, quick guides) to improve security culture.
Requirements
- Bachelor's degree in any engineering discipline.
- At least 3 years of experience in cyber governance, risk and compliance domain.
- Experience in implementing security controls and processes across business functions adhering to NIST CSF, ISO 27001 standards.
- Practical experience into at least 70% of the above-mentioned responsibilities.
- Exposure to industry standards and regulations (e.g., SOC 2, ISO 27001, GDPR/DPDP etc.).
- Security certifications such as CISA, ISO 27001 Lead Implementer / Lead Auditor is preferred.
- AI‑governance or AI‑risk credentials such as ISO/IEC 42001 training, NIST AI RMF Architect/Lead Implementer, or recognized AI Security & Governance certifications is a strong plus.
- Good communication and interpersonal skills, with the ability to engage effectively with diverse stakeholders.
Tech Stack
- Cyber Security
Benefits
- Professional growth in a dynamic, rapidly expanding, high-social-impact industry
- An open-minded, collaborative culture made up of enthusiastic colleagues who are driven by the challenge of innovation towards profound impact on people and the planet.
- A truly multicultural experience: You will have the chance to work with and learn from people from different geographies, nationalities, and backgrounds.
- Structured, tailored learning and development programs that help you become a better leader, manager, and professional through the Sun King Center for Leadership.