Cyber Security ITRM Consultant

Sopra Steria is seeking an experienced Information Technology Risk Management Consultant to join our team in Chennai, Tamil Nadu. This senior-level role requires 8-12 years of experience and a strong educational background (B.E./B.Tech./MCA). As an IT Risk Management Consultant, you will be instrumental in developing, implementing, and maintaining our organization's IT Risk Management framework. Your primary focus will be on identifying, assessing, and mitigating risks to safeguard information assets, ensure compliance with regulations, and improve overall IT governance.

The ideal candidate will possess a profound understanding of risk frameworks, threat modeling, control evaluation, and Governance, Risk, and Compliance (GRC) tools, complemented by exceptional stakeholder management skills. You will be responsible for conducting comprehensive risk assessments, including risk identification, impact analysis, heatmap/matrix creation, inherent vs. residual risk scoring, and control gap analysis. Furthermore, you will perform threat modeling, develop detailed risk scenarios for IT infrastructure, applications, and cloud environments, and ensure IT risk practices align with industry standards such as ISO 27005/27001, NIST RMF, PCI DSS, and DORA.

Your duties will include evaluating and maintaining IT controls and security posture, recommending improvements, supporting internal and external IT audit processes, and ensuring timely remediation of findings. Collaboration with GRC teams using platforms like ServiceNow GRC and RSA will be key for tracking and managing risk compliance workflows. You will also be responsible for preparing and presenting risk dashboards, Key Risk Indicators (KRIs), and management reports to senior leadership.

Desired skills include proven experience in IT Risk Management frameworks, threat modelling, and risk scenario planning, alongside a strong understanding of regulatory requirements and compliance frameworks. Expertise in GRC platforms such as ServiceNow GRC and RSA, and proficiency in risk scoring methodologies and control gap analysis are essential. Preferred certifications include CRISC or CISSP, with PMI-RMP and ISO 27001/27005 Risk Manager certifications being optional.

This position requires openness to working European shift hours. Sopra Steria is committed to fostering an inclusive and respectful work environment, free from all forms of discrimination. All our positions are open to individuals with disabilities.