SRC_Cyber Resilience_Senior Associate

Key Responsibilities

• Create and enforce comprehensive business continuity and cyber resilience strategies to ensure clients' operations can withstand and quickly recover from disruptions.

• Conduct thorough risk assessments and develop risk treatment plans to identify and manage vulnerabilities and potential threats to business operations and cyber resilience.

• Provide expert advice to clients on business continuity and cyber resilience, including policy development, risk assessments, and compliance strategies.

• Design and document IT Disaster Recovery (ITDR) policies and procedures, including Application Sensitivity Assessments (ASA) and Failure Mode and Effects Analysis (FMEA).

• Develop and implement Business Continuity and Disaster Recovery (BCDR) plans, Information Security Management Systems (ISMS), and enterprise risk management frameworks.

• Develop and execute incident response plans, ensuring rapid and effective recovery from cyber incidents and other disruptions.

• Develop and execute disaster recovery plans and runbooks and facilitate tabletop simulation exercises focusing on natural disasters and cyber threats.

• Manage all phases of disaster recovery testing initiatives, including planning, coordination, execution, and post-drill activities.

• Implement and oversee compliance monitoring, auditing, and remediation activities to ensure adherence to relevant regulations and best practices.

• Develop and deliver training programs for clients and internal teams to promote awareness and preparedness for business continuity and cyber resilience.

• Provide advisory services on the selection and implementation of Business Continuity Management (BCM) tools and the automation of BCMS processes.

• Contribute to practice enablement and business development activities (development of SOW’s, RFPs in alignment to client’s requirement, etc.)

• Drive initiatives to develop innovation quotient (publishing whitepapers, help develop business case for an innovative technical idea to seek investments, point of view, etc.)

Position Requirements

• In-depth understanding of cyber resilience principles, business continuity, and disaster recovery frameworks.

• Knowledge of network security/hardening, whitelisting, and cybersecurity best practices.

• Proficiency in conducting risk assessments and developing IT Disaster Recovery plans and procedures.

• Good knowledge of cybersecurity principles, theories, and techniques.

• Knowledge of relevant standards and regulations, including ISO 27001, ISO 22301, NIST SP 800-61, and the Digital Operational Resilience Act (DORA).

• Experience working with frameworks such as MITRE ATT&CK, NIST, and SANS Incident Response.

• Understanding of information security management systems (ISMS) and enterprise risk management (ERM) practices.

• Experience in creating and maintaining Business Continuity Plans (BCPs), Crisis Management Plans (CMPs), and IT Disaster Recovery (ITDR) plans.

• Demonstrate application of business acumen while leveraging technologies.

Desired Knowledge

• Relevant certifications such as ISO 22301, Certified Information Systems Security Professional (CISSP), or Certified Information Security Manager (CISM) are highly desirable.

• Excellent leadership, teamwork, and collaboration skills.

• Practical experience in conducting business continuity and cyber resiliency testing and simulations.

• Proficient in security operations, particularly in handling security incidents, cyber threat intelligence, and proactive threat hunting.

• Hands-on experience with cyber defense security technologies, including SIEM, security detection platforms (IPS/IDS), and EDR/XDR (defense-in-depth).

• Experience working with cloud platforms such as AWS, Azure, or GCP.

Years Of Experience

Minimum of 3-8 years of experience in business continuity, cyber resilience, or a related field. Experience in a consulting environment is highly desirable.

Professional and Educational Background

BE / B Tech / MCA / MS / MBA (Field of Study: Computer and Information Science, Information Cybersecurity, Information Technology, Management Information Systems).

Industries:Computer Software, Information Technology & Services, Management Consulting