Security Engineer

Bengaluru, KA, IN

about 2 months ago

Summary

Location: Bangalore, India

Department: Cybersecurity Risk & Compliance

Experience: 4-8 years

Job Type: Full-time


Job Summary:

We are seeking a highly experienced NIST Implementer to lead and execute cybersecurity frameworks and compliance programs based on NIST CSF 1.1, NIST CSF 2.0, NIST 800-53, NIST 800-30, NIST 800-37, and NIST Risk Management Framework (RMF).

We are looking for immediate joiners who can bring practical experience in implementing and managing NIST-based security programs for enterprise clients.


Key Responsibilities:

NIST Framework Implementation and Cybersecurity Compliance & Governance

• Implement NIST Cybersecurity Framework (CSF 1.1 & CSF 2.0), NIST 800-53, and NIST RMF across enterprise environments.

• Conduct NIST gap assessments, risk assessments, and maturity modelling to evaluate an organization’s security posture.

• Align NIST 800-53 controls with business processes and regulatory requirements.

• Perform bidirectional mappings between C2M2 and NIST CSF to evaluate control alignment.

• Ensure security controls align with ISO 27001, CIS Controls, ITGC, ITAC.

• Develop and implement security policies, procedures, and guidelines based on NIST standards.

• Develop maturity models based on NIST CSF and C2M2 frameworks.

• Establish C2M2-to-CSF and CSF-to-C2M2 mappings to assess cybersecurity maturity.

• Apply NIST OLIR (Online Informative References) guidelines for framework integration.

Stakeholder Engagement & Security Advisory

• Work closely with C-level executives, security teams, auditors, and regulators to ensure compliance.

• Prepare risk reports, dashboards, and technical assessments for stakeholders.

• Provide security training and awareness to teams on NIST implementation.


Requirements:

Education & Expertise:

• Bachelor’s or Master’s degree in Computer Science, Cybersecurity, Information Technology, or related fields.

• Deep knowledge of NIST frameworks:

• NIST CSF 1.1 & 2.0, NIST 800-53, NIST 800-30, NIST 800-37, NIST RMF.

• NIST gap assessments, security control implementation, and maturity modelling.

• C2M2-to-CSF and CSF-to-C2M2 bidirectional mappings.

• Experience in controls testing, security control validation, and effectiveness assessment.

• Strong understanding of regulatory frameworks (ISO 27001, SOC 2, PCI DSS, RBI, SEBI, GDPR).

• Expertise in cyber risk assessment methodologies, cloud security (AWS, Azure, GCP), and IT governance.

• Technical Control: ToD (Test of Design), ToE (Test of Effectiveness).

Certifications (Preferred):

CISSP, CISM, CISA, CRISC, CCSP, CGEIT, ISO 27001 LI/LA, AWS Security Specialty, Azure Security Engineer.
