SGV & Co.
Open Country: Philippines
Language Requirements: English
At SGV, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture, and technology to become the best version of you. And we’re counting on your unique voice and perspective to help SGV become even better, too. Join us and build an exceptional experience for yourself and a better working world for all.
The opportunity
We’re looking for an experienced Cybersecurity Strategy, Risk, and Compliance Associate with increasing hands-on experience in cybersecurity, governance, risk, and compliance.
As part of our Cybersecurity Consulting team, you will help cyber transformation engagements enhance the organization's security posture and identify opportunities to improve organizational cybersecurity strategy, policy, and governance. You will perform current state security assessments and support target operating model definition, manage discussions, and propose approaches to aligning cybersecurity initiatives to strategic business objectives.
You will help validate that our client’s network, infrastructure, third parties, and applications are designed and implemented to the highest security standards and frameworks. To do this, you will be coordinating with security risk managers, architects, engineers, operations, and testers to assess, design, and implement security mitigation strategies. You will assess and advise on security and privacy frameworks, security policies, processes, and governance for conformance against security standards, industry practices, and regulatory obligations.
Our highly collaborative team is committed to each team member’s growth as our business grows. You will have the opportunity to learn from and be mentored by our diverse cybersecurity team.
Your Key Responsibilities:
You will work on various security strategy, risk, and compliance projects for our clients, or internal projects.
• As a team member, execute cybersecurity strategy, risk, and compliance projects with varying levels of complexity based on a defined approach and methodology. This may include:
  • Conducting cyber transformation engagements to enhance security postures
  • Conducting a maturity assessment and designing a security roadmap
  • Performing security assessments of new and existing applications, vendors, or infrastructure
  • Evaluating the compliance of clients against security standards such as ISO 27001, NIST CSF, and PCI DSS
  • Developing policy, standards, and standard operating procedures
  • Conducting information risk assessments (e.g., Crown Jewel identification and Risk Classification) and proposing appropriate mitigation strategies
  • Designing cybersecurity dashboards
• Prepare reports, documents, and schedules that will be delivered to clients and other parties
• Conduct research to provide value-adding advice to the client
• Contribute ideas with the team to complete and improve project output
• Develop positive relationships with client personnel, peers, and management
• Participate in internal and external training, mentoring, learning, and certification opportunities
• Participate in organization-wide people initiatives
Skills and attributes for success
A successful candidate will need a combination of technical and communication skills, as well as the ability to handle a mix of disparate tasks.
• Technical knowledge. Able to demonstrate and apply security concepts; knowledge of system and application security threats and vulnerabilities; current and emerging threats/threat vectors; principles used to manage risks related to the use, processing, storage, and transmission of information or data; incident response and handling methodologies; methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection and remediation tools and procedures utilizing standards-based concepts and capabilities; the risk associated with new and emerging information technology (IT) and cybersecurity technologies
• Teaming. Able to build relationships across the business and promote a collaborative culture across teams
• Client relationship. Able to build deep relationships with clients to understand their challenges better and align the right solutions
• Innovative and transformative mindset. Able to understand complex problems and respond with innovative and transformative solutions
• Communication and presentation skills. Able to deliver high-quality deliverables articulated in written reports and communicated during presentations to both IT and business audiences.
• Project management. Able to apply project management skills to deliver service within time, cost, and scope
To qualify for the role, you must have:
• A bachelor’s degree in IT, computer science, computer engineering, management, business administration, or any related field
• At least 2 years of relevant experience in cybersecurity, risk management, compliance management, or internal audit with hands-on experience in auditing, testing, assessing, designing, or implementing cybersecurity frameworks or regulations such as ISO 27001, PCI DSS, HIPAA, HITRUST, GDPR, CCPA, FISMA/FedRAMP, COBIT, OWASP Top 10, NIST 800-53, or security-related BSP circulars
• Familiarity with security assurance reports such as ISO 27001 certificates, SOC1, SOC2, PCI DSS AOC reports
• Good understanding of security practices on vulnerability assessment, penetration testing, network security, security operations, software development
• Proficient in leading and coaching teams
• Strong communication and presentation skills
• Desire to learn new techniques, frameworks, and technologies
• Willingness to take cybersecurity certifications and external training
Optionally, you also have:
• Relevant professional certification such as CISSP, CISA, CISM, CEH, ISO 27001
• Experience in working in consulting roles, interacting with clients, third parties or security vendors
• Good understanding of web services, distributed systems or mobile applications
• Good understanding of secure software development lifecycle, DevSecOps
• Good understanding of cloud security and modern architecture
• Hands-on experience with IT security (application security, threat modeling, vulnerability assessment, penetration testing, security operations)
• Experience in working with GRC Technologies
What’s in it for you:
We offer a competitive remuneration package where you’ll be rewarded for your individual and team performance. Our comprehensive Total Rewards package includes support for flexible working and career development, benefits that suit your needs, covering holidays, health and well-being, insurance, savings, and a wide range of discounts, offers, and promotions. Plus, we offer:
• Continuous learning: You’ll develop the mindset and skills to navigate whatever comes next.
• Success as defined by you: We’ll provide the tools and flexibility, so you can make a meaningful impact, your way.
• Transformative leadership: We’ll give you the insights, coaching, and confidence to be the leader the world needs.
• Diverse and inclusive culture: You’ll be embraced for who you are and empowered to use your voice to help others find theirs.
The exceptional SGV experience. It’s yours to build.
Posted on 20 March 2025