Cyber Security Consultant at Sopra Steria

Bengaluru, karnataka, India -

Full Time

Start Date

Immediate

Expiry Date

16 May, 26

Salary

0.0

Posted On

15 Feb, 26

Experience

10 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

Skills

Cyber Risk Analysis, Vulnerability Assessment, Remediation Planning, Risk Management, Threat Scenario Assessment, Business Impact Analysis, TPRM, Project Safety Support, Secure by Design, Risk Monitoring, Risk Governance, Cyber Monitoring, ISO 27005, NIST RMF, EBIOS RM, OWASP

Industry

Information Technology & Services

Description

Company Description About Sopra Steria Sopra Steria, a major Tech player in Europe with 50,000 employees in nearly 30 countries, is recognised for its consulting, digital services and solutions. It helps its clients drive their digital transformation and obtain tangible and sustainable benefits. The Group provides end-to-end solutions to make large companies and organisations more competitive by combining in-depth knowledge of a wide range of business sectors and innovative technologies with a collaborative approach. Sopra Steria places people at the heart of everything it does and is committed to putting digital to work for its clients in order to build a positive future for all. In 2024, the Group generated revenues of €5.8 billion. The world is how we shape it. Job Description Location: Bangalore Experience: 10 to 15 years About the role Strengthen cyber risk management system, in a context of evolving threats, increased requirements from regulators and the continuous transformation of business infrastructures and services. As such, it wishes to benefit from the consultant's expertise in terms of: Cyber Risk Analysis, identification and assessment of vulnerabilities, definition of remediation plans, and support for project and operational teams in risk management. As observed in the existing services related to cybersecurity, the mission is part of the overall cyber strategies as well as best practices in risk management. Scope of the Role The service covers the entire cyber risk analysis cycle, and includes support for projects, operational teams, and security governance. Internal Risk Analysis Carrying out risk analyses on applications, infrastructures, flows, IT projects and exposed devices. Methodology inspired by EBIOS RM Assessment of threat scenarios, business impacts, and probability of occurrence. Analysis of deviations from internal standards and recommendations. Third-Party Risk Analysis (TPRM) Review of the risks related to service providers, SaaS/IaaS/PaaS providers. Evaluation of the security measures taken, risk scoring, definition of action plans. TPRM Steering Support Project safety support Integration of security requirements (Secure by Design). Participation in architecture workshops, approvals, and design reviews. Recommendations on technical choices. Risk Monitoring and Governance Updating of risk registers. Follow-up of actions, decisions, acceptances and justifications Contribution to safety committees. Monitoring, repositories and standards Cyber monitoring (technical, regulatory and sectoral). Participation in the updating of safety policies, standards and guides, practice already observed. Candidate Profile: Risk analysis methodologies (ISO 27005, NIST RMF, optional EBIOS RM as it is a French ANSSI methodology a training will be performed by SSG France). In-depth knowledge of network, application and cloud architecture. Security best practices (OWASP, CIS Benchmarks, NIST SP 80053). Understanding of IAM/PAM, DevSecOps, API security. CRISC / CISSP certified ISO 27005 / CISM Transversal skills Ability to analyze and formalize. Autonomy, strength of proposal. Pedagogy and effective communication, in line with the profiles sought within the Group Good Communication & Stakeholder Management skills Qualifications Qualification & Certifications Engineering graduate - preferably B.E. /B.Tech in IT or Computer Engineering At least one Certification Preferred:- CRISC / CISSP certified ISO 27005 / CISM Additional Information At our organization, we are committed to fighting against all forms of discrimination. We foster a work environment that is inclusive and respectful of all differences. All of our positions are open to people with disabilities.

Responsibilities

The consultant will strengthen the cyber risk management system by performing cyber risk analysis, identifying and assessing vulnerabilities, defining remediation plans, and supporting project and operational teams in risk management activities. This includes internal risk analysis on applications and infrastructures, third-party risk analysis for service providers, and ongoing risk monitoring and governance.