it grc – avp t500-12809

Job Profile:
Job Title: IT GRC Manager

Corporate Title: AVP

Experience: 10+ years

Location: Bangalore

No. of Positions: 1

Job Responsibilities:
Responsible for managing Cyber Security Risk, Compliance, and Assurance activities.
Drive the global cyber security certifications as per MGS Management Strategy. Evaluating control effectiveness and review evidence of controls by applying audit, compliance, security, and regulatory framework knowledge and experience, including, but not limited to review of ISO 27001, FFIEC, SOC2 as well as knowledge of controls related to Privacy, Compliance, Cyber and other risk domains.
Develops, maintains, and delivers effective cyber security policies, standards, and procedures.
Drive the implementation of the cyber security projects in the areas of governance and risk.
Partner with IT, Legal, HR, and other business units to manage information security governance and compliance.
Work with cyber security teams to identify and track risk based on the threat landscape.
Measuring ongoing metrics and improvements along with providing actionable items to the extended IT teams
Lead the MGS Incident Response Team along with other business units.
Develop and present the KRI and KPI to bring out the dashboard, which shows the security posture in compliance with all the cyber security controls.
Ensure security is embedded in the project delivery process by providing appropriate information security policies, procedures, and guidelines.
Prepare the team for external audits and facilitate IT audits.
Maintain the ongoing training and awareness program at MGS. Develop a long-term Cyber Security Awareness Program strategy, processes, and procedures.
Drive phishing simulation and subsequent activity to reduce enterprise phishing susceptibility.
Report to leadership on metrics that effectively measure the impact of cybersecurity training and awareness programs.
Driving continuous improvement of the effectiveness of control implementations and reporting to enhance and mature the security programs and exception management process.
Knowledge of global operational risk guidelines including Basel, Controls Assessment, Controls Remediation etc.
Good Knowledge of RCSA Framework, Operational risk controls framework and experience in any GRC tools like ServiceNow, RSA Archer, MetricStream etc.

Job Requirement:
B.Tech./ MCA/ in Computer Science, Computer Engineering, or a comparable education and experience
Minimum 10 years of progressive experience in Cyber Security and IT GRC
Experience in security awareness program management is a plus.
Strong implementation experience of Cyber Security Framework standards and requirements and ability to apply them to an enterprise environment.
Proven track record and experience in executing information security-related projects in a global company.
Experience in handling audits by internal/external and regulatory agencies
Experience with infrastructure operations and processes associated with infra and application management in an Enterprise-level organization.
Experience in presenting to a larger audience. Very good oral and written communication skills in English
Certifications: CISSP, CISM, CRISC, ISO27001 Lead Implementation

---