Application Risk Management Consultant
Act as the functional specialist for Cyber Security Risk Management (CSRM):
- Advanced knowledge of various risk methodologies – OCTAVE, ISO 31000 etc.
- Adopt, define, implement and evolve the risk framework for the organization.
- Conduct, or facilitate the smooth conduct of, risk assessments on applications, networks and systems.
- SME knowledge of conducting data security and privacy assessments.
- Proactively review Indigo’s information security and related risks w.r.t. threats, vulnerabilities and compliance (ISO, PCI DSS, SOC 1/2, SSAE etc.).
- Translate technical, legal and regulatory compliance obligations into a cohesive collection of security controls, and provide the respective stakeholders with the CSRM requirements and their implementation methodologies.
- Work with Project Managers, Business Analysts, Architecture and Support Team to ensure Indigo’s CSRM standards are being followed.
- Responsible for cyber security and data privacy awareness.
- Actively participate in reviewing and improving the data security and privacy controls implemented in the organization.
- Active participation in the Assurance and Architecture level discussions in the engagements.
- Serve as the CSRM entity for creating security awareness sessions, both scheduled (induction) and ad hoc.
Requirements
- Good understanding of, and experience with, Information Risk Management, Audit (internal and external), and Business (IT) Controls.
- Advanced understanding of internal and external IT security standards, PCI standards and relevant legal compliance aspects like GDPR, and various compliance frameworks like ISO, BSI etc.
- Robust understanding of, and solid experience with, the impact of CSRM on application development and operations as well as the IT infrastructure.
- Ability to interface with different groups (Third parties, Business and IT) internal and external to IT (security) and to network across Group businesses, as well as with external groups.
- Technical knowledge & relevant experience in security domains/technologies related to:
  - Infrastructure/Network security
  - Data Privacy and Business Impact Assessment - PCI DSS, Privacy Principles, GDPR etc.
  - Data Classification discussions with business.
- Driving Platform / Application security and compliance as part of Project Engagement.
- Ability to foresee and identify mitigation strategies for risks
- Candidate must also:
  - Display excellent communicating and influencing skills
  - Display analytical and problem solving skills
  - Be pro-active and self-motivated
- A qualification in CISA, CRISC or CISM
Experience
- Must have previous experience in an (Information/Cyber) Risk Management team.
“IndiGo never asks for money for interview or hiring.
Refer to our job website - careers.goindigo.in or goindigo.app.param.ai for official job postings”