Cyber Security and GRC Lead

Location: Pune, Mumbai, Noida, Jaipur, Udaipur
Experience: 7.0 - 17.0 Years

Role Overview 

We are seeking an experienced cybersecurity professional to lead cybersecurity consulting engagements, Governance, Risk & Compliance (GRC) initiatives, Security Operations Center (SOC) implementation projects, cybersecurity assessments, and managed security service offerings for enterprise customers. The role is responsible for aligning cybersecurity practices with business objectives, regulatory requirements, and industry standards while managing cyber risks across IT and OT environments. 
The ideal candidate has extensive experience in cybersecurity consulting, information security governance, compliance frameworks, cyber risk management, SOC design and implementation, security monitoring, incident response, and cybersecurity program development. The role requires engagement with clients across manufacturing, logistics, BFSI, healthcare, retail, IT/ITES, and critical infrastructure sectors. 

Key Responsibilities 

Cybersecurity Consulting 

  • Lead end-to-end cybersecurity consulting engagements.  
  • Conduct Cybersecurity Maturity Assessments.  
  • Develop Cybersecurity Strategies and Roadmaps.  
  • Perform Gap Assessments against industry standards.  
  • Conduct Executive Security Reviews and Board-level presentations.  
  • Develop enterprise-wide cybersecurity governance frameworks.  
  • Provide cybersecurity advisory services to clients. 

Cybersecurity Governance 

  • Develop, implement, and maintain an enterprise-wide Information Security Governance Framework.  
  • Establish cybersecurity policies, standards, procedures, and guidelines.  
  • Define cybersecurity strategy aligned with organizational objectives.  
  • Present cybersecurity posture, risk metrics, and compliance status to executive leadership.  
  • Lead cybersecurity steering committee meetings.  
  • Develop cybersecurity roadmaps and maturity improvement plans.  
  • Ensure cybersecurity initiatives support business growth and digital transformation.  

Risk Management 

  • Develop and manage the Cyber Risk Management Framework.  
  • Conduct enterprise-wide cyber risk assessments.  
  • Identify, assess, and prioritize cybersecurity risks.  
  • Maintain the Cyber Risk Register and Risk Treatment Plans.  
  • Perform Business Impact Analysis (BIA).  
  • Conduct threat and vulnerability assessments.  
  • Evaluate emerging cyber threats and recommend mitigation strategies.  
  • Track remediation activities and risk reduction initiatives.  

Compliance & Regulatory Management 

  • Ensure compliance with:  
      • ISO 27001  
      • NIST Cybersecurity Framework  
      • CIS Controls  
      • IEC 62443 
      • GDPR  
      • DPDP Act 
      • SOC 2  
      • PCI-DSS  
      • HIPAA 
  • Lead compliance audits and certification programs.  
  • Coordinate internal and external auditors.  
  • Ensure timely closure of audit observations.  
  • Monitor regulatory changes affecting cybersecurity requirements.  

Security Audit & Assessment Management 

  • Lead:  
      • Vulnerability Assessments  
      • Penetration Testing (VAPT)  
      • Red Team Exercises  
      • Configuration Audits  
      • Security Architecture Reviews  
  • Coordinate remediation activities.  
  • Track closure of identified vulnerabilities.  
  • Validate effectiveness of security controls.  

Security Awareness & Training 

  • Develop organization-wide security awareness programs.  
  • Conduct phishing simulations.  
  • Deliver cybersecurity training to employees and leadership teams.  
  • Promote cybersecurity culture across the organization.  

Incident Response & Cyber Resilience 

  • Support the Cyber Incident Response Program.  
  • Participate in cyber incident investigations.  
  • Lead post-incident reviews and root cause analysis.  
  • Develop cyber resilience and recovery strategies.  
  • Conduct tabletop exercises and crisis simulations.  

Security Metrics & Reporting 

  • Define Cybersecurity KPIs and KRIs.  
  • Develop executive dashboards.  
  • Report on:  
      • Risk posture  
      • Compliance status  
      • Vulnerability trends  
      • Incident trends  
      • Audit findings  
      • Third-party risk status  
  • Present cybersecurity updates to senior management and board members.  

Security Operations Center (SOC) 

  • Lead SOC establishment and transformation projects.  
  • Design SOC operating models (In-house, Co-managed, Managed SOC).  
  • Define SOC architecture and technology stack.  
  • Develop SOC governance and operational procedures.  
  • Establish SOC processes aligned with the NIST Cybersecurity Framework and MITRE ATT&CK.  
  • Create SOC maturity assessment models. 
  • Implement and optimize SIEM platforms hands-on, including log onboarding, use-case development, and detection tuning. 

Client Engagement & Business Development 

  • Act as Cybersecurity Subject Matter Expert (SME).  
  • Participate in pre-sales discussions and solution design.  
  • Conduct customer workshops and executive briefings.  
  • Prepare Statements of Work (SOWs).  
  • Develop proposals and technical responses for RFPs/RFQs.  
  • Identify opportunities for managed security services.  
  • Support revenue growth and practice development. 

Team Management 

  • Lead and mentor SOC Analysts, Security Engineers, and GRC Consultants.  
  • Review project deliverables.  
  • Establish consulting methodologies and best practices.  
  • Manage project timelines and client expectations.  
  • Conduct technical and career development coaching. 

Technical Competencies 

Governance & Compliance 

  • ISO 27001 ISMS  | NIST CSF  | CIS Controls  
  • IEC 62443  | SOC 2  |  PCI-DSS  
  • GDPR   |  DPDP Act  |  COBIT  
  • ITIL  

Risk Management 

  • Enterprise Risk Management  
  • Cyber Risk Assessment  
  • Risk Quantification  
  • Vendor Risk Assessment  
  • Business Continuity Planning (BCP)  
  • Disaster Recovery (DR)  

Security Technologies 

  • SIEM Solutions  
  • EDR/XDR  
  • Firewalls  
  • IDS/IPS  
  • DLP  
  • IAM/PAM  
  • Vulnerability Management Tools  
  • Cloud Security Platforms  

Cloud Security 

  • Microsoft Azure  
  • AWS  
  • Google Cloud  
  • Microsoft Defender Suite  
  • Microsoft Sentinel 

Certifications (Preferred) 

  • CISSP |  CISM  |  CRISC |  CISA  
  • ISO 27001 Lead Implementer or Lead Auditor 
  • CCSP 
  • Microsoft Certified: Security Operations Analyst Associate  
  • Microsoft Certified: Cybersecurity Architect Expert 

Ideal Candidate Profile 

  • 7+ years of cybersecurity and GRC experience.  
  • Experience leading enterprise cybersecurity programs.  
  • Strong exposure to both IT and OT cybersecurity environments.  
  • Proven experience managing ISO 27001 certification and cybersecurity audits.  
  • Experience conducting VAPT, Red Team, and Risk Assessments.  
  • Strong stakeholder management and board-level presentation skills.  
  • Experience leading cybersecurity transformation initiatives in manufacturing or industrial environments. 

About BXI Tech 

BXI Tech is a purpose-driven technology company, backed by private equity and focused on delivering innovation in engineering, AI, cybersecurity, and cloud solutions. We combine deep tech expertise with a commitment to creating value for both businesses and communities. 
Our ecosystem includes BXI Ventures, which invests across technology, healthcare, real estate, and hospitality, and BXI Foundation, which leads impactful initiatives in education, healthcare, and care homes. Together, we aim to drive sustainable growth and meaningful social impact. 
Department: Technology
Job Category: Practice
Requisition ID: REQ/2026/0052
Open Positions: 1
