About the Role:
As a Cybersecurity Consultant within our Governance, Risk, and Compliance (GRC) team, you will play a key role in shaping and enhancing our clients' cybersecurity posture.
Key Responsibilities:
Responsibilities will include to –
- Serve as a trusted advisor, collaborating closely with clients to understand their unique challenges and providing expert guidance on cybersecurity and risk management.
- Manage end-to-end delivery of client engagements, from scoping through execution.
- Assist clients in developing / enhancing their cybersecurity strategies and multi-year implementation roadmaps, in alignment with their risk landscape.
- Provide support in the design and implementation of cybersecurity governance frameworks and policies.
- Conduct comprehensive risk assessments to identify and prioritize cyber risks and develop risk management strategies to mitigate risks effectively.
- Assist clients in defining risk appetite and tolerance levels aligned to business objectives.
- Conduct gap assessments to evaluate clients' compliance with relevant standards and frameworks and develop compliance strategies and roadmaps tailored to clients' needs.
- Support clients in increasing their incident readiness with custom-tailored incident response plans / playbooks and the delivery of tabletop exercises and cyber simulations.
- Support secure architecture and configuration review for network and security infrastructure and provide recommendations to meet evolving threats.
- Collaborate on internal innovation initiatives, contribute to the development of new service offerings and the enhancement of existing service methodologies.
Your Experience:
- You have at least 5 years’ experience working in cybersecurity, with a focus on governance, risk, and compliance. Consideration will be given for equivalent combined experience in an IT, Risk Management or technology management capacity.
- You have working knowledge of general IT and business processes and familiarity with organizational technology landscapes.
- Hands-on technology administration is not required, but sufficient familiarity to participate in technical discussions is critical.
- You have a deep understanding of cyber risk assessment and risk management, and familiarity with cybersecurity- and privacy-related regulatory compliance requirements, industry standards and frameworks (NIST, PCI, ISO, etc.), and key technical concepts (e.g., networking, protocols, cloud technologies).
- Preferred: You have demonstrated working knowledge of at least one of the following – SSDLC, secure architecture design, threat modelling, data privacy, AI security, cloud security.
Additional Skills:
- You have strong analytical and critical reasoning skills, and the ability to analyze complex cybersecurity issues, identify root causes, and identify appropriate solutions.
- You are self-motivated and an independent learner.
- You have a strong ability to work collaboratively within a team and build relationships.
- You are organized and proactive, with strong project management skills and a proven ability to manage concurrent projects and deliver results within budget and on time.
- You have strong verbal and written communication skills (English and Hebrew) as well as report writing and presentation skills.
- You are comfortable taking a client-facing role and can effectively convey technical concepts to non-technical stakeholders.
- A bachelor’s degree in a relevant field and relevant industry certifications (e.g., CISSP, CISM, CRISC) are preferred qualifications; equivalent experience and industry-specific learning will be considered.