Senior Consultant – IT Security, IT-TPRM

Inviting applications for the role of Senior Consultant - IT Security, IT-TPRM
In this role, you&rsquoll be responsible for providing expert-level guidance and support in the identification, assessment, and mitigation of IT security risks across the organization. This role plays a critical part in developing security policies, conducting risk assessments, and implementing technical and procedural controls to maintain security compliance with standards such as NIST SP 800-53 and ISO/IEC 27001. The Senior Consultant will support cloud and on-premises infrastructure security, guide risk mitigation strategies, and collaborate closely with stakeholders to address complex security challenges.

Responsibilities
. Assist in the development, enhancement, and enforcement of IT security policies, procedures, and guidelines aligned with industry standards (NIST SP 800-53, ISO/IEC 27001).
. Implement and manage security configurations for on-premises (Linux and Windows) and cloud infrastructures (AWS, Azure, Google Cloud) ensuring alignment with compliance requirements.
. Conduct regular IT security risk assessments to identify, assess, and prioritize vulnerabilities, threats, and weaknesses across the organization&rsquos IT systems, networks, and cloud environments.
. Collaborate with teams to remediate security vulnerabilities and track the progress of corrective actions.
. Assist in managing security configurations and controls for cloud platforms, ensuring adherence to best practices (CIS benchmarks, NIST standards) and security policies.
. Evaluate and improve user access control mechanisms, including Role-Based Access Control (RBAC) and Privileged Access Management (PAM), to enhance security posture.
. Provide expertise in managing incident response processes, including root cause analysis, documentation, and implementation of corrective measures.
. Support data protection efforts through encryption, backup, and disaster recovery strategies, ensuring the security and availability of critical data.
. Assist in maintaining compliance with data security regulations and standards through governance, risk, and compliance (GRC) processes.
. Participate in internal and external audits, ensure documentation is up-to-date, and help address audit findings related to IT security.
. Support the design and execution of patch management processes, monitoring security agent performance to ensure consistent security across the environment.
. Assist in the development and delivery of security awareness programs, conducting training sessions to educate employees on IT security controls and emerging threats.

. Promote security best practices and ensure company-wide understanding of security risks and mitigation strategies.
. Assist in overseeing business continuity and disaster recovery planning processes, ensuring systems and procedures are in place to minimize the impact of security incidents on business operations.
. Prepare detailed reports and summaries of security assessments, audit results, and risk mitigation plans for internal stakeholders and senior management.
. Work closely with cross-functional teams, including IT, legal, and compliance, to address security issues and integrate security practices across all business units.

Qualifications we seek in you!
Minimum qualifications
. Graduate in IT Technology, Cybersecurity or related domain.
. Relevant experience in IT security, information security, and/or GRC roles, with hands-on experience in both cloud and on-premises environments.
. Strong experience in performing security risk assessments and implementing security controls in medium to large-scale IT environments
. Relevant certifications would be preferrable (AWS Certified security, Microsoft Certified: Azure Security, Engineer, Google Professional Cloud Security Engineer).
. Certifications in security governance and risk management (CISM, CRISC, CISA, CCSP, CCSK) are preferred

Preferred qualifications

. Comprehensive knowledge of security frameworks and compliance standards such as NIST, ISO/IEC 27001, and ITIL.
. Strong expertise in securing cloud environments, including experience with encryption, identity management, and vulnerability management in AWS, Azure, or Google Cloud.
. Familiarity with GRC tools like RSA Archer, MetricStream, or ServiceNow GRC.
. Strong analytical and problem-solving skills, with the ability to assess security risks and propose effective solutions.
. Excellent communication skills, capable of explaining complex security concepts to both technical and non-technical stakeholders.
. Team-oriented mindset with the ability to collaborate effectively across departments and manage multiple priorities in a fast-paced environment.