Governance/Risk & Compliance Lead - Information Security Team (8-15 yrs)
1 month ago
Job Purpose
- The person appointed will be part of the Information Security Team and responsible for developing, implementing, and managing the Information Security GRC program to ensure compliance with regulatory requirements, industry standards, and organizational policies.
- Initiate, run and manage information security governance, risk management, audits, and compliance with relevant regulations.
- Plan, initiate, coordinate, and run the Governance, Risk & Compliance activities, as well as producing the reports and presenting them to the CISO.
- Coordinate the resolution of outstanding security and IT audit issues, and track the overall risk and audit points, to keep the company's security risk at an acceptable level.
Key Responsibilities
- Develop GRC Operating Model - Enterprise Security Risk Management, Compliance Management, Policy Management, Security Awareness Trainings, Third Party Risk Management, Metrics & Reporting.
- Implements security controls, a risk assessment framework, and a program that align to regulatory requirements, ensuring documented and sustainable compliance aligned with the business objectives.
- Implement ISO 27001 and assist CISO in building the Information Security Management System (ISMS).
- Achieve and maintain ISO 27001 ISMS certification for the organisation.
- Develop a complete set of corporate Information Security policies and standards and continually monitor the information security controls, KRIs/KPIs and technical landscape.
- Evaluates risks and develops security standards, procedures, and controls to manage risks.
- Improves security positioning through process improvement, policy, automation, and the continuous evolution of capabilities.
- Implements processes to automate and continuously monitor information security controls, exceptions, risks, and testing.
- Develops reporting metrics, dashboards, and evidence artifacts.
- Defines and documents business process responsibilities and ownership of the controls in the GRC tool.
- Schedules regular assessments and testing of the effectiveness and efficiency of controls, and creates GRC reports.
- Updates security controls and provides support to all stakeholders on security controls covering internal assessments, regulations, protecting Personally Identifying Information (PII) data, Digital Personal Data Protection (DPDP) Act, IT Act 2000, etc.
- Performs and investigates internal and external information security risk and exceptions assessments.
- Assesses incidents, vulnerability management, scans, patching status, secure baselines, penetration test results, and phishing and social engineering tests and attacks.
- Documents and reports control failures and gaps to stakeholders.
- Provides remediation guidance and prepares management reports to track remediation activities.
- Remains current on best practices and technological advancements.
- Work with business, internal IT and 3rd party vendor teams to promote and adopt security best practices.
- Conduct regular information security risk reviews on IT assets and provide exception/exposure reporting and remediation plans to the CISO.
- Identify and communicate vulnerability and risk exposure to internal employees and key stakeholders, and senior management when deemed necessary.
- Review and ensure that new technology solutions and processes proposed comply with the Company's security policies as well as relevant regulations.
- Provide security requirements for new initiatives, perform and document gap analysis against such requirements.
- Participate in the development and maintenance of information security strategy, roadmap, and standards.
Experience
- 8-12 years of experience in Governance, Risk and Compliance including Risk assessment and management methodology.
- Knowledge of e-commerce industry applicable information security management, governance, and compliance principles, practices, laws, rules and regulations (GDPR, PCI-DSS, IT Act 2000, DPDP Act, etc).
- Understanding of Information security systems and processes, network infrastructure, data architecture, data processes, and protocols, cloud security standard frameworks, architecture, design, operations, controls, technology, solutions, service orchestration, Information systems auditing, monitoring, controlling, and assessment process.
- Functional knowledge of the security domains and information security industry standards and best practices.
- Functional knowledge of ISMS governance models (ISO 27001 & NIST), Information security roles and security controls.
- Manage Internal & External Audits and closure on audit findings.
- Ability to communicate risk methodologies and concepts to the business.
- Demonstrated experience with controls definition, development, implementation and assessment.
Key Competencies/Behaviours
- Proactive, Influencer, Collaborative.
- Multi-tasking and time-management skills, with the ability to prioritize tasks.
- Highly organized and detail oriented.
- Excellent analytical and problem-solving skills.
- Ability to understand the problem clearly and provide a solution with excellent communication skills.
- Strong Project Management skills - Manage the project to ensure quality deliverables are produced within timelines.
- Good communication and inter-personal relationship skills.
- Ability to understand new technologies and learn quickly.