Governance/Risk & Compliance Lead - Information Security Team (8-15 yrs)

1 month ago


Mumbai, Maharashtra, India iimjobs Full time

Job Purpose

- The person appointed will be part of the Information Security Team and responsible for developing, implementing, and managing the Information Security GRC program to ensure compliance with regulatory requirements, industry standards, and organizational policies.

- Initiate, run and manage information security governance, risk management, audits, and compliance with relevant regulations.

- Plan, initiate, coordinate, and run the Governance, Risk & Compliance activities, and produce the reports and present them to the CISO.

- Coordinate the resolution of outstanding security and IT audit issues, and track the overall risk and audit points, to keep the company's security risk at an acceptable level.

Key Responsibilities

- Develop GRC Operating Model - Enterprise Security Risk Management, Compliance Management, Policy Management, Security Awareness Trainings, Third Party Risk Management, Metrics & Reporting.

- Implements security controls, a risk assessment framework, and a program that align to regulatory requirements, ensuring documented and sustainable compliance aligned with the business objectives.

- Implement ISO 27001 and assist CISO in building the Information Security Management System (ISMS).

- Achieve and maintain ISO 27001 ISMS certification for the organisation.

- Develop a complete set of corporate Information Security policies and standards and continually monitor the information security controls, KRIs/KPIs and technical landscape.

- Evaluates risks and develops security standards, procedures, and controls to manage risks.

- Improves security positioning through process improvement, policy, automation, and the continuous evolution of capabilities.

- Implements processes to automate and continuously monitor information security controls, exceptions, risks, and testing.

- Develops reporting metrics, dashboards, and evidence artifacts.

- Defines and documents business process responsibilities and ownership of the controls in the GRC tool.

- Schedules regular assessments and testing of the effectiveness and efficiency of controls, and creates GRC reports.

- Updates security controls and provides support to all stakeholders on security controls covering internal assessments, regulations, protecting Personally Identifying Information (PII) data, Digital Personal Data Protection (DPDP) Act, IT Act 2000, etc.

- Performs and investigates internal and external information security risk and exceptions assessments.

- Assess incidents, vulnerability management, scans, patching status, secure baselines, penetration test results, phishing, and social engineering tests and attacks.

- Documents and reports control failures and gaps to stakeholders.

- Provides remediation guidance and prepares management reports to track remediation activities.

- Remains current on best practices and technological advancements.

- Work with business, internal IT and 3rd party vendor teams to promote and adopt security best practices.

- Conduct regular information security risk reviews on IT assets and provide exception/exposure reporting and remediation plans to the CISO.

- Identify and communicate vulnerability and risk exposure to internal employees and key stakeholders, and senior management when deemed necessary.

- Review and ensure that new technology solutions and processes proposed comply with the Company's security policies as well as relevant regulations.

- Provide security requirements for new initiatives, perform and document gap analysis against such requirements.

- Participate in the development and maintenance of information security strategy, roadmap, and standards.

Experience

- 8-12 years of experience in Governance, Risk and Compliance including Risk assessment and management methodology.

- Knowledge of information security management, governance, and compliance principles, practices, laws, rules and regulations applicable to the e-commerce industry (GDPR, PCI-DSS, IT Act 2000, DPDP Act, etc.).

- Understanding of Information security systems and processes, network infrastructure, data architecture, data processes, and protocols, cloud security standard frameworks, architecture, design, operations, controls, technology, solutions, service orchestration, Information systems auditing, monitoring, controlling, and assessment process.

- Functional knowledge of the security domains and information security industry standards and best practices.

- Functional knowledge of ISMS governance models (ISO 27001 & NIST), Information security roles and security controls.

- Manage Internal & External Audits and closure on audit findings.

- Ability to communicate risk methodologies and concepts to the business.

- Demonstrated experience with controls definition, development, implementation and assessment.

Key Competencies/Behaviours

- Proactive, Influencer, Collaborative.

- Multi-tasking and time-management skills, with the ability to prioritize tasks.

- Highly organized and detail oriented.

- Excellent analytical and problem-solving skills.

- Ability to understand the problem clearly and provide a solution with excellent communication skills.

- Strong Project Management skills - Manage the project to ensure quality deliverables are produced within timelines.

- Good communication and interpersonal relationship skills.

- Ability to understand new technologies and learn quickly.

