Cyber Security ITRM Consultant

About Sopra Steria
Sopra Steria, a major Tech player in Europe with 50,000 employees in nearly 30 countries, is recognised for its consulting, digital services and solutions. It helps its clients drive their digital transformation and obtain tangible and sustainable benefits. The Group provides end-to-end solutions to make large companies and organisations more competitive by combining in-depth knowledge of a wide range of business sectors and innovative technologies with a collaborative approach. Sopra Steria places people at the heart of everything it does and is committed to putting digital to work for its clients in order to build a positive future for all. In 2024, the Group generated revenues of €5.8 billion.
The world is how we shape it.

Position: Information Technology Risk Management Consultant 
Location: Chennai
Experience: 8-12 years
Education: B.E./ B.Tech./MCA

Role Overview

Responsible for developing, implementing, and maintaining the organisation’s IT Risk Management framework. This role focuses on identifying, assessing, and mitigating risks to protect information assets, ensure regulatory compliance, and enhance overall IT governance. The position requires a deep understanding of risk frameworks, threat modelling, control evaluation, and GRC tools, combined with strong stakeholder management skills.

Job Profile:

• Conduct comprehensive risk assessments: identification, impact analysis, heatmap/matrix creation, inherent vs. residual risk scoring, and control gap analysis.
• Perform threat modelling and develop detailed risk scenarios for IT infrastructure, applications, and cloud environments.
• Align IT risk practices with industry frameworks and standards (ISO 27005/27001, NIST RMF, PCI DSS, DORA).
• Evaluate and maintain IT controls and security posture, recommending enhancements where necessary.
• Support internal and external IT audit processes, ensuring timely remediation of findings.
• Work with GRC teams (ServiceNow GRC, RSA) to track and manage risk compliance workflows.
• Prepare and present risk dashboards, KRIs, and management reports to senior leadership.

Desired Skills

• Proven experience in IT Risk Management frameworks, threat modelling, and risk scenario planning.
• Strong understanding of regulatory requirements and compliance frameworks.
• Expertise in GRC platforms (ServiceNow GRC, RSA).
• Proficiency in risk scoring methodologies and control gap analysis.

Preferred Certifications

1. CRISC – Certified in Risk and Information Systems Control / CISSP - Certified Information Systems Security Professional (Preferred)
2. PMI-RMP – Project Management Institute Risk Management Professional (Optional)
3. ISO 27001 / 27005 Risk Manager Certification (Optional)

Should be open to work in European shift hours.

At our organization, we are committed to fighting against all forms of discrimination. We foster a work environment that is inclusive and respectful of all differences.

All of our positions are open to people with disabilities.