Tech Risk - Consultant/Senior Consultant/Manager Level

Company Description

Sia Partners is a unique management consulting firm composed of 2000+ passionate consultants who drive business changes among our customers. Through unparalleled industry expertise, we deliver superior value and tangible results to our clients in over 21 sectors and service teams.

Financial institutions has drastically changed over the last decade and further evolutions are yet to come. Regulatory constraints have driven most of these transformations, but the disruptive revolution is much more complex and cannot be limited to the latter. Business models must be adapted within each business line and operating models must take into account industrial partnership, outsourcing or strategic alliances. Sia Partners assists its clients in coping with these transformations in order to improve their competitive advantages, flexibility productivity and profitability: strategic deployment, financial performance, business process optimization, digitalization, risk and regulatory adherence.

Sia Partners in Singapore is hiring! Thanks to Sia Partners’ international footprint, the Financial Services practice is strategically located in all major financial and energy hubs (New York, Charlotte, UK, Europe, and Asia Pacific) and our integrated model allows teams from different countries to easily partner, when appropriate.

Job Description

The Cyber Security and Tech Risk Consultant/ Senior Consultant/ Manager performs Cyber and IT Risk assessments, makes recommendations and implements steps to combat and identify cyber threats. S/he will conduct research and evaluate technical and all-source intelligence--with specific emphasis on network operations and cyber tactics, techniques, and procedures--focusing on the threat to networked weapons platforms and information networks.

The Analyst will correlate threat data from various sources and analyze network events to establish the identity and modus operandi of malicious users active in networks or posing potential threats to networks. S/he will work closely with other technical, forensic and incident management personnel to develop a fuller understanding of the intent, objectives and activity of cyber threat actors. Overall, s/he will work with our clients to help enhance their IT risk strategy, optimize risk management functions and improve controls and processes.

Business Communication

• Understands the trade-offs required to manage the different levels of risk tolerance and risk exposure across the organization and balance this with risk investments.
• Understands “voice of the customer” and develops mechanisms to proactively sense adoption and usage patterns of consumer technologies by end users so that policy can align with need.
• Coordinates with technology and business groups to assess, implement, and monitor IT-related security risks/hazards.
• Prepares assessments and cyber threat profiles of current events based on the sophisticated collection, research and analysis of classified and open source information.
• Produces high-quality papers, presentations, recommendations, and findings for Senior Level Management and Enterprise Technology Leaders.
• Provides briefings and presentations to customer leadership supporting Information Security and Network Operations decision making.

General Profile:

• Requires specialized depth and/or breadth of IT Risk expertise.
• Interprets internal or external business issues and recommends best practices.
• Collaborates with others to solve complex problems; uses sophisticated analytical thought to exercise judgment and identify innovative solutions.
• Works independently, with guidance in only the most complex situations.

Technical Expertise:

• Understand and utilize physical components, types of networks/operating systems/databases, protocols, and topologies.
• Must be well versed in the techniques that actors utilize to attack an organization and understand how to pull information from large data sets and how to structure information for reuse.
• Knowledge of collection and analysis methods as well as knowledge in multiple tools (e.g. Penetration Testing), mostly targeted to data correlation and technical areas.

Functional Knowledge:

• Interprets IT Risk business challenges, identifies trends and recommends best practices.

Business Knowledge:

• Able to articulate complex Cyber Threats to non-technical business leaders.
• Excellent verbal and written communication skills.
• Ability to train IT security concepts.
• Strong problem solving and analytical skills.

Leadership, Decision Making and Communication Requirements:

• Works independently and with minimal direction to identify emerging threats to network environments.
• Ability to react to high pressure dynamic changing environments.
• Team oriented, with the ability to work with diverse personnel within the intelligence capability.
• Makes decisions that have cross-functional impact.
• Understand how to turn requirements for intelligence into collection requirements, collect, prioritize, and store information from multiple intelligence disciplines.
• Communicates complex ideas; persuades and negotiates with others, often at senior levels, to adopt a different point of view.
• Have the ability to explain and defend the assessments and recommendations that are made.

Problem Solving:

• Collaborates with others to solve complex problems; uses sophisticated analytical thought and education and/or equivalent experience to exercise judgment and identify innovative solutions.
• Critical thinking: Demonstrates the ability to define the problem, apply root cause analysis on Cyber Security controls and propose recommended courses of action.

Qualifications

• 3-10 years’ experience in Information Technology Security or Risk from an IT Audit or IT Risk consulting background.
• Ideally a BA/BS in Information Technology Security, Cyber Intelligence or similar discipline.
• Experience in Data Visualisation e.g. Tableau, Cloud Security
• Familiarity with Technology Risks and Controls, Governance, Risk and Compliance tools.
• Knowledgeable in GRC tools configuration will be advantageous
• Advanced degree in the aforementioned academic areas of focus is a plus.
• Professional accreditations such as CISA are a plus.

Additional Information

Sia Partners is an equal opportunity employer. All aspects of employment, including hiring, promotion, remuneration, or discipline, are based solely on performance, competence, conduct, or business needs.