Corporate Assurance Manager
India
Job Description
Noida, Uttar Pradesh | Bengaluru, Karnataka

Job Summary

The proposed position is a critical member of the Technology Risk Assessment team within HCLTech’s Risk & Compliance Function. The role ensures that risks to HCLTech’s information assets are proactively identified, assessed, and reported on a timely basis and in alignment with HCLTech’s Enterprise Risk Management and Global compliance frameworks.

With the increasing complexity of IT ecosystems and the evolving cyber threat landscape, there is a heightened need for proactive identification and management of technology risks. The organization’s dependency on digital platforms, cloud environments, and third-party integrations has significantly expanded the potential attack surface. This position ensures that risks/vulnerabilities are identified, analysed, and mitigated in a timely and structured manner, thereby protecting the confidentiality, integrity, and availability of enterprise information assets. This position ensures structured identification, assessment, and closure of such risks, thereby strengthening HCLTech’s Cyber Security posture.

The candidate is also required to carry out risk governance to ensure timely remediation of identified gaps/risks. The role will require building and maintaining working relationships with multiple business units and information technology teams, and engaging with various levels of senior management. Candidates in this role will also be expected to possess the technical aptitude necessary to understand the new threat landscape with respect to application security and IT security tools. Candidates will need to establish and maintain positive and productive relationships through ongoing dialogue with department direct reports, technical leads, internal business partners, senior management, and other interested parties. He/she will report status, manage issues, and mitigate risks, escalating issues/risks to upper management as appropriate.

Key Responsibilities

The role is entrusted with the following responsibilities.

  • Perform comprehensive cyber risk assessments across IT functions, tools, and processes to identify gaps and vulnerabilities.
    • Connect with stakeholders for assessment-related interviews.
    • Identify the scope and initiate the relevant Initial Data Request (IDR).
    • Initiate and manage risk registers, assessment reports, and governance dashboards.
    • Communicate identified risks/gaps to the assessees effectively and on time, and validate the provided treatment plans for completeness and relevance.
    • Participate in regular connects with stakeholders and ensure data presented is correct and updated.
    • Validate the closures to ensure the identified risks are effectively managed.
    • Manage escalations, incidents, and complex problems.
  • Ensure risk governance and tracking. Engage with stakeholders to validate remediation plans and track progress through closure.
  • Collaborate with Global IT, Risk & Compliance, and business functions to ensure alignment of risk mitigation strategies with enterprise objectives.
  • Provide expert input on security standards and frameworks such as ISO 27001, NIST, PCI DSS, HIPAA, and SOC 2.
  • Support management reporting through dashboards and risk metrics, enabling data-driven decision-making.
  • Maintain awareness of emerging technologies and evolving threat vectors to ensure continuous improvement of the risk assessment process.

  • Participate in critical and high-visibility projects.

Skill Requirements

Qualifications and Experience Preferred

  • Educational Degree in Computer Engineering, Computer Science, or other IT related discipline
  • Professional Qualifications - Desirable – CISSP, CRISC, CISA.
  • Interested candidates should have knowledge of and hands-on experience with IT security operations, concepts, tools, and technologies.
  • Working knowledge of NIST and other cyber security frameworks
  • Experience 
    • 8+ years’ experience with information security and cyber security standards and guidelines such as ISMS (ISO 27001:2013), NIST 800-53, CIS, and IT general controls.
    • Experience developing processes and policies and performing ISMS/NIST-based risk assessments.
    • Desirable – 8+ years of work experience in various cyber security related domains such as (and not limited to)
      • Security Operations Centre (SOC)
      • Security tools implementation and configuration
      • Vulnerability management (infrastructure and application)
      • Penetration testing
      • Perimeter Security
      • Application security
      • Cloud security, IoT, Artificial technology.
      • Risk Governance
      • Other Cyber security domains.
      • Threat Hunting tools
      • Understanding of Cyber security risks, exploits, and vulnerabilities
    • The candidate must have solid hands-on experience and an in-depth understanding of the following areas:
      • Network Security (Firewalls, VPN, NAC, Wireless), Data Security (DLP, Web Filtering, DAM, APT, CASB, SIEM), Endpoint Security (AV, Encryption, Patch Management, Data Classification, FIM, EPM, EDR/XDR), IAM (APT, MFA, PAM, ADM, MAM), and Application Security (WAF, Proxy, VAPT, SAST/DAST).
      • Network - Configuration management, Network architecture, change management, problem management, data security, data backup, monitoring and log management, High Availability, Network segregation, patch management, data flow, Access mechanism and other configuration checks for secure operations.
      • Cloud Network – Understanding network architecture, change management, problem management, data security, data backup, patch management, monitoring and log management, High Availability, load balancing, network segregation, data flow, access mechanism, encryption, and other configuration checks with respect to IaaS, PaaS, and SaaS deployment models for secure cloud operations.
      • Tools/Technologies - Understand Operational processes, configuration management, hardening, change process, availability & performance management, data flow mechanism, architecture, access mechanism and other security aspects.
    • Proficiency in all the infrastructure layers, hardware, OS, virtualization, storage, network, database and security
    • Candidates with previous experience working with or in blue/purple/red teams will be preferred.
    • Stakeholder and escalation management.
    • Strong written and verbal communication skills.

  • Solid understanding of NIST 800-53 and Cyber Security Framework (CSF) v1.1

Other Requirements

Problem Solving

The candidate will be presented with the following challenges, an adequate response to which will require some of the following aptitudes.

  • Interface with Global Information Technology team, Risk & Compliance organization, and other internal stakeholders.
    • Requires the ability to respond proactively within the scope of a global, fast-moving corporation.
    • Requires the ability to understand requirements in detail and act to minimize risk to the organization holistically.
  • Manage escalations, incidents, and complex problems.
    • Requires the ability to judge the gravity of a situation and an awareness of what one can do personally to bring it to resolution, as well as when to seek assistance.
  • Maintain professionalism, solution focus, and loyalty to R&C and the larger objectives of HCL.
    • Requires the ability to distinguish between client interests and HCL interests and, knowing the distinction, to act in keeping with HCL’s best interests.

 

  • Maintain a positive attitude and provide an example of model behaviours to junior staff, particularly those in the R&C function.

Why HCLTech?

At HCLTech, you'll supercharge your potential. You'll find your career. And you'll find your spark. All at a place that knows that helping its customers stay on top starts by putting its people first.

HCLTech is a global technology company, home to more than 226,300 people across 60 countries, delivering industry-leading capabilities centered around digital, engineering, cloud and AI, powered by a broad portfolio of technology services and products. We work with clients across all major verticals, providing industry solutions for Financial Services, Manufacturing, Life Sciences and Healthcare, Technology and Services, Telecom and Media, Retail and CPG, and Public Services. Consolidated revenues as of 12 months ending December 2025 totaled $14.5 billion.

Benefits

At HCLTech, we believe in empowering our employees with comprehensive benefits that support their professional growth and enhance their well-being. When you sign up for a career with us, you gain access to:

  • Industry-benchmarked compensation
  • Best-in-class healthcare benefits
  • Personal time off
  • Maternity and paternity benefits
  • Access to skills / higher education programs/resources
  • Discounts on products and services via Benefit Box
  • Participate in CSR programs and live life with a purpose
  • Opportunities to grow and advance your career

Note: The benefits listed above vary depending on the nature of your employment and the country where you work. Some benefits may be available in some countries but not in all.