Consultant - Security Strategy & Risk Management
Why Kyndryl
Our world has never been more alive with opportunities and, at Kyndryl, we're ready to seize them.
We design, build, manage and modernize the mission-critical technology systems that the world depends on every day.
Kyndryl is at the heart of progress — dedicated to helping companies and people grow strong.
Our people are actively discovering, co-creating, and strengthening.
We push ourselves and each other to seek better, to go further, and we carry this energy to our customers.
At Kyndryl, we want you to keep growing, and we'll provide plenty of opportunities to make that happen.
**Your Role and Responsibilities**
This position also requires solid experience in Service Assurance, with the ability to consult on Governance, Risk Management, and Compliance, to help engage and consult with clients on their transformation journey.
Advise clients on complex business issues from strategy to execution, in particular:
- Assess and benchmark current client Security maturity
- Consult and support Client in defining the proper Security strategy aligned with the evolving Business and IT strategy
- Provide support to client and account team in the identification and resolution of security, risk, and compliance issues.
- Provide advice on security exposures, recommending corrective actions; interact & consult with delivery and service management teams to provide advice and guidance on customer service delivery in the area of security controls.
- Make recommendations to implement new, or optimize existing, GRC technology platforms.
- Design, implement, and/or assess risk and compliance processes, with an understanding of the systems implementation lifecycle.
- Advise clients on regulatory requirements (e.g., ISO, NIST, PCI DSS, SANS CSC, SOX, GDPR, BASEL, COBIT, etc.)
- Establish strong client relationships in key accounts to help progress the execution of their security strategy
**Required Technical and Professional Expertise**
- 5+ years of experience in Security consultancy with large organizations/clients
- 3+ years of experience in more than one of the following GRC frameworks: enterprise risk management, internal audit, regulatory compliance management, policy management, third party risk management
- Deep knowledge of regulatory compliance models and frameworks (e.g., ISO, NIST, PCI DSS, HIPAA, SANS CSC, SOX, GDPR, BASEL, COBIT, etc.)
- Experience in Security architecture and services from major Cloud Hyperscalers.
- Ability to translate business requirements into written technical cyber security control specs.
- At least 5 years of experience in interfacing at multiple levels of client management and building relationships
- Stakeholder management and interpersonal skills at both a technical and non-technical level.
- Must be willing to travel up to 50%, depending on client requirements.
- English: Fluent
- Strong critical thinking and analytical skills and ability to think "out of the box" required.
- Must be able to work independently or with a team, under minimum supervision.
General Professional skills:
- Environment: Professional knowledge of function, business unit or country operations. Understand organizational resources, priorities, needs and policies.
- Communication/Negotiation: Guide other professionals. Adapt communications and approaches to conclude negotiations with various partners, resulting in common agreements.
- Problem Solving: Analyze complex/new situations, anticipate potential problems and future trends, assess opportunities, impacts, and risks. Develop and implement solutions.
- Contribution/Leadership: Leads multi-functional teams, or conducts special projects, or manages department(s) (national or international). Has vision of functional or unit mission. Influences people and organizations, including executive management, when issues are complex/difficult and require considerable diplomacy. Considerable latitude in responsibilities to define and decide on tools, processes, priorities and resources following general business unit directives.
- Impact on Business/Scope: Accountable for projects or programs involving multi-functional, country-wide or regional teams. Responsible for overall functional program success.
**Preferred Technical and Professional Experience**
- MBA or master's degree.
- At least 2 years of experience in information security consulting, working for internationally recognized consulting firms.
- One or more security certifications: CISSP, CISA, CISM, CRISC, CCISO, CEH, Security+, GIAC GMON, GIAC GSEC, ISO27K, etc.
- Cloud Security Certification from major cloud providers (AWS, Azure, GCP)
- Experience in project/program management, including complex programs.
**Required Education**
Bachelor's Degree
**Preferred Education**
Master's Degree
Kyndryl is committed to creating a diverse environment and is proud to be an equal opportunity employer.
All qualified applicants will receive consideration for employment without regard to race, col