Security Consultant-Security Strategy, Risk & Compliance Services

Introduction

You'll work with visionaries across multiple industries to improve the hybrid cloud and AI journey for the most innovative and valuable companies in the world. Your ability to accelerate impact and make meaningful change for your clients is enabled by our strategic partner ecosystem and our robust technology platforms across the IBM portfolio; including Software and Red Hat.

Curiosity and a constant quest for knowledge serve as the foundation to success in IBM Consulting. In your role, you'll be encouraged to challenge the norm, investigate ideas outside of your role, and come up with creative solutions resulting in ground breaking impact for a wide network of clients. Our culture of evolution and empathy centers on long-term career growth and development opportunities in an environment that embraces your unique skills and experience.

Your role and responsibilities

Key Responsibilities

• Collaborate, organize, and engage with the client, key stakeholders and technical leads on clarifications or requirements for required security compliance process for the system to Go-live successfully.

• Monitor and track the allocation and utilization of the project teams with the project manager to ensure the correct staffing plan for the security compliance review/ assessment processes

• Provide guidance and support as required on security and compliance process.

• Provide baseline security requirements to the solution architects during the requirements gathering process for the projects

• Review justification, time extension, or waiver of the documents/ findings with the respective teams (PM, tech project leads and Solution Architects)

• Assist with the preparation of the technical slide decks and review with the IBM solution/ delivery team as per the client compliance template with baseline security requirements

• Consolidate and maintain centralized guides and templates for the platform

• Conduct security briefing to educate the IBMers working in the premise

Required technical and professional expertise

Core Skills

• Security Compliance & Governance

• Strong knowledge of security standards and frameworks (e.g., ISO 27001, NIST CSF, CIS Controls).

• Familiarity with regulatory requirements (e.g., government-specific frameworks such as IM8).

• Experience in policy compliance, security audits, and assurance activities.

• Technical Security Knowledge

• Understanding of security architecture, system hardening, cloud security controls, and secure development lifecycle.

• Familiarity with vulnerability management and remediation tracking.

• Ability to interpret technical security assessments and translate into compliance actions.

• Stakeholder & Project Engagement

• Strong communication skills to collaborate with project managers, solution architects, technical leads, and clients.

• Ability to review and negotiate risk acceptance, security waivers, and compliance justifications.

• Experience in conducting security briefings, workshops, or training sessions.

• Documentation & Process Management

• Skilled at creating and maintaining compliance templates, centralized security guides, and reporting artifacts.

• Ability to prepare technical slide decks, reports, and executive summaries for senior stakeholders.

*

Experience

• Years of Experience: Typically 5-7 years in cybersecurity, with at least 3-5 years in a compliance, governance, or security assurance leadership role.

• Project/Program Involvement: Proven experience in managing compliance requirements for large IT or cloud transformation projects, ensuring systems go-live securely.

• Cross-Functional Engagement: Experience working closely with solution architects, delivery managers, and business stakeholders in regulated environments.

• Industry Exposure: Experience in highly regulated industries (finance, healthcare, government, defense, or critical infrastructure) would be highly valued.

Preferred technical and professional experience

Qualifications & Certifications

• Educational Background: Degree in Computer Science, Cybersecurity, Information Security, or related discipline.

• Certifications (Preferred):

• CISSP, CISM, or CISA

• ISO 27001 Lead Implementer or Auditor

• CCSP, CCSK, or cloud provider certifications (AWS/Azure/GCP Security)

• ITIL or PMP

IBM is committed to creating a diverse environment and is proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, caste, genetics, pregnancy, disability, neurodivergence, age, veteran status, or other characteristics. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.