Cybersecurity Technology Risk Consultant

Job Description

Kimberly-Clark and its well-known global brands are an indispensable part of life for people in more than 150 countries.
Every day, 1.3 billion people - nearly a quarter of the world's population - trust K-C brands and the solutions they provide to enhance their health, hygiene, and well-being.
With brands such as Kleenex, Scott, Huggies, Pull-Ups, Kotex, and Depend, Kimberly-Clark holds No. 1 or No. 2 share positions in more than 80 countries.
With a 135-year history of innovation, we believe in recruiting the best people and putting them in the right jobs so that they can do their best work.
If fresh thinking and a passion to win inspire you, come Unleash Your Power at Kimberly-Clark.

Summary of role:
The Cybersecurity Technology Risk Consultant will provide information security guidance and enforcement of CS&A guidelines to internal and external organizations (i.e., IT delivery, Business functions, and Third-party vendors). He / she will perform Vendor Cybersecurity Risk Assessments, identify gaps and define a remediation plan.
He / she will work alongside the Business Information Security Officer / s (BISOs) and assist them in evaluating cybersecurity needs of key stakeholders / Business partners and help to find solutions to issues related to cybersecurity risk.
These efforts will focus on, and include but are not limited to, data protection risk / threats to Kimberly-Clark IT Infrastructure, Mergers & Acquisitions (M&A), Emerging Technologies (Cloud, BYOD), Secure Supply Chain & Third-Party Vendor Risk, as well as information security compliance (HIPAA, SOX, PCI). The ideal candidate will need to be able to handle technical escalations and represent the organization in technically, politically, or otherwise challenging engagements.
Facilitate team operations and ongoing execution of work activity.
Back up all teammates in all engagements as necessary / warranted.

Responsibilities:
Partner with the CISO / BISO organization, Strategy, Operations and Engineering, and IT Business Partners to understand the Kimberly-Clark business and help minimize cybersecurity risks with existing solutions and new initiatives
Work closely with IT Business Partners and Enterprise Architects in designing system solutions following a risk-based approach and ensure the solution is aligned with internal controls and security policies
Support and facilitate the IT cybersecurity vendor risk assessment process, driving automation and improvement with third-party risk evaluation to aid in efficiency with identifying risk
Develop criticality levels for third-party vendors following a standard risk-based approach
Support stakeholders with remediation of risks, gaps or issues identified during the vendor cybersecurity risk assessment that exceed the risk tolerance of the company
Collaborate with the Sales, Marketing, Supply Chain, HR, Legal and Finance organization to evaluate third-party vendor cybersecurity risks and provide guidance for remediation
Ability to develop technical white papers and best practice guidelines to achieve consistency with applying and enforcing security policy
Provide assistance with Threat Modeling, Penetration Testing, SDL, Code Security Reviews and Cloud security reviews
Collaborate with Kimberly-Clark Legal team to understand global data privacy / protection requirements
Maintain a broad understanding of compliance across applications and networks for PCI, HIPAA, PII, and SOX

Qualifications:
Bachelor’s degree required, preferably in computer science or information systems
6+ years of Information Security, with a background in cybersecurity and compliance experience
Experience working in Agile or Waterfall methodology and an understanding of phased approaches to the Software Development Life Cycle
Ability to communicate clearly and effectively with both technology / development and business partners; strong technical communication skills, both written and verbal;
ability to explain technical security concepts to stakeholders in non-technical business language
Experience working in a matrix model, as the technology risk consulting team supports operational and transformational efforts globally across Kimberly-Clark
Service level management experience
Knowledge and experience of Information Security Risk and Security governance

Preferred qualifications:
While experience in several IT disciplines may provide a solid framework for this position, hands-on results from performing IT risk assessments, information security consulting or IT audits are most beneficial
Experience in the following regulations and frameworks : PCI, ISO 27001 / 2, SOC / SSAE 18, HIPAA, GLBA, NIST 800
Security certifications such as CISSP, CISM, CEH, CISA, etc. are a plus.

Global VISA and Relocation Specifications:
K-C requires that an employee have authorization to work in the country in which the role is based.
In the event an applicant does not have current work authorization, K-C will determine, in its sole discretion, whether to sponsor an individual for work authorization.
However, based on immigration requirements, not all roles are suitable for sponsorship. This role is available for local candidates already authorized to work in the role’s country only.
K-C will not provide relocation support for this role.

Primary Location: IT Centre Bengaluru GDTC
Additional Locations:
Worker Type: Employee
Worker Sub-Type: Regular
Time Type: Full time