Security Consultant - Risk & Compliance

Introduction

At IBM, work is more than a job - it's a calling: To build. To design. To code. To consult. To think along with clients and sell. To make markets. To invent. To collaborate. Not just to do something better, but to attempt things you've never thought possible. Are you ready to lead in this new era of technology and solve some of the world's most challenging problems? If so, lets talk.

Your role and responsibilities

In this role, you'll work in one of our IBM Consulting Client Innovation Centers (Delivery Centers), where we deliver deep technical and industry expertise to a wide range of public and private sector clients around the world. Our delivery centers offer our clients locally based skills and technical expertise to drive innovation and adoption of new technology.

A career in IBM Consulting embraces long-term relationships and close collaboration with clients across the globe.
You'll work with visionaries across multiple industries to improve the hybrid cloud and AI journey for the most innovative and valuable companies in the world. Your ability to accelerate impact and make meaningful change for your clients is enabled by our strategic partner ecosystem and our robust technology platforms across the IBM portfolio; including IBM Software and Red Hat.

Curiosity and a constant quest for knowledge serve as the foundation to success in IBM Consulting. In your role, you'll be encouraged to challenge the norm, investigate ideas outside of your role, and come up with creative solutions resulting in ground breaking impact for a wide network of clients. Our culture of evolution and empathy centers on long-term career growth and development opportunities in an environment that embraces your unique skills and experience.

As a Security Consultant, you'll unleash your exceptional technical prowess to gather and analyze business and technical requirements, skillfully crafting and implementing resilient Enterprise-wide Access Management processes and procedures.

As an member of our consulting team, your contributions will be crucial in establishing comprehensive security measures, ensuring the safeguarding of our clients' invaluable intellectual property and assets. Your responsibilities may encompass:

• Execute consulting engagements in the areas of Security Strategy Risk and Compliance.

• Conduct a continuous assessment of current IT security practices and systems and identify areas for improvement.

• Design and development of security policies, standards and procedures in accordance with Organization goals.

• Evaluate and advise on the implementation and effectiveness of the cybersecurity safeguards to ensure that they provide the intended level of protection.

• Perform risk assessments to identify gaps in compliance to information security standards and policies and devise strategies and implement controls to minimize the risk

• Proactively identify risks and escalate to project stakeholders.

• Data security governance, data classification, data security design, security management, vulnerability management, personal information compliance and protection consulting.

• Ensure quality delivery as per IBM/client requirements.

• Perform third party risk assessments

• Actively establish & strengthen relationships with external and internal customers.

• Assist in developing knowledge assets such as methodologies, templates, white papers etc.

• Be a team player and develop junior members in the team.

• Identify potential business opportunities on existing consulting engagements.

• Prior consulting experience preferred, with strong business acumen, client management skills, and the ability to balance organizational priorities with client needs and evolving requirements.
• In-depth knowledge and experience in various Information security standards / regulations / best practices (ISO-27001, COBIT, PCI-DSS, GDPR, HIPAA, SOC2, etc.)

• In-depth knowledge and proven experience in developing, implementing, and maintaining security policies, standards, procedures, and guidelines, with a strong focus on regulatory compliance, data protection, and privacy requirements, aligned with organizational goals and industry best practices.
• Experience in conducting risk assessments to identify gaps in compliance with information security standards and policies. Ability to devise strategies and implement controls to minimize the risk.

• Strong knowledge and technical expertise across multiple security domains, including security architecture and design, infrastructure and network protection, identity and access management (IAM), application security, endpoint protection, incident detection and response, and vulnerability management.
• Good understanding of cloud security requirements.

• Strong background in Internal Controls, IT General Controls (ITGC), and Application Controls audits, with hands-on experience using GRC platforms such as OpenPages, OneTrust, Archer, Process Unity, among others.

• Proficient in developing dashboards and reports using Power BI, Excel, Tableau, ServiceNow, and GRC platform-embedded solutions.
• Experience implementing and leveraging Agentic AI and Generative AI solutions to optimize processes and improve efficiency.
• Independent, proactive, and self-driven with a strong sense of ownership and accountability.