Lead-Governance Risk and Compliance

Job Description Job Description About Nayara Energy: Nayara Energy is a new-age downstream energy and petrochemicals company with a formidable presence spanning across the entire hydrocarbon value chain, from Refining to Retail. Nayara Energy operates in India for India driven by a relentless commitment to fuel the nation's energy aspirations. At the heart of our operations lies the Vadinar refinery, India's second-largest single-site refinery with a capacity of 20MMTPA.With over 6,300 Retail Outlets, we cater to the need for reliable and safe mobility across the length and breadth of the country. We have adopted a phase wise asset development strategy to enter the petrochemicals sector which will be a significant step in our crude to chemicals journey. Through sustainable development projects in Health and Nutrition, Education and Skill Development, and Sustainable Livelihoods, Nayara Energy enhances the quality of life in the communities it operates in. Delivering value for all our stakeholders is at the very core of our beliefs and we are committed to providing the energy that fuels the dreams of our employees, customers, partners, and communities. Job Purpose - The Information Security - Governance, Risk, and Compliance Lead is the people manager and responsible for the assessing and documenting of the Nayara's compliance and risk posture as they relate to its information assets. The purpose of this position is to provide highly skilled technical and information security expertise for development and implementation of the information security risk management program. Responsibilities require leadership and project management experience, as well as expertise to ensure effective system-wide security analysis; intrusion detection; standards and testing; risk assessment; awareness and education; and development of policies, standards and guidelines. Responsibilities Key Responsibilities Leadership & Program Oversight: - Operate independently across GRC initiatives, providing strategic and technical inputs to strengthen cybersecurity posture. - Lead project planning and resource estimation for GRC-related programs and investigations - Support the Head Information Security in designing and maintaining Nayara's cybersecurity governance framework. Governance & Metrics Management: - Develop and share periodic reports on the status of Nayara's Information Security Program - Maintain the Information Security Online Dashboard and metrics program for control effectiveness. - Coordinate with internal functions to collect data and support governance activities. Risk Assessment & Threat Intelligence: - Identify and document vulnerabilities, threats, and business impacts across IT systems. - Conduct risk assessments and recommend mitigation strategies aligned with industry standards. - Benchmark Nayara's security practices against frameworks like NIST CSF, ISO/IEC 27001, COBIT, and ITIL Supply Chain Risk Management: - Develop and implement cybersecurity supply chain risk management frameworks. - Assess supplier compliance through audits and evaluations, ensuring contractual obligations are met. - providers. Awareness & Training: - Create content for refresher training and new joiner induction programs. - Ensure all users, including executives and third-party stakeholders, understand their security responsibilities. Policy Compliance & Audit Readiness: - Lead the enterprise-wide information security compliance program. - Develop policies to protect sensitive data and ensure alignment with legal and regulatory requirements. - Manage audit and assessment processes for internal and external stakeholders. Incident Management & Forensics: - Record and track security incidents including compromised accounts and abuse reports. - Support forensic investigations and fact gathering for incident resolution. Miscellaneous Responsibilities: - Perform additional duties as assigned to support departmental operations and continuous improvement. Qualifications Knowledge Educational Qualifications & Allied Skills: - Bachelor's or master's degree in computer science, information systems, or equivalent work experience. An M.B.A. or M.S. in information security is preferred. Relevant Experience - Minimum of 9-13 years of experience in a combination of risk management, information security and IT jobs. Skills Functional Competencies - Develops and implements robust information security policies and programs. - Demonstrates expertise in legal, regulatory, and industry frameworks (e.g., IT Act, PCI DSS, NIST CSF) - Manages complex projects with proficiency in budgeting, scheduling, and resource planning. - Conducts audits of financial systems and SAP environments for security compliance - Holds or pursues professional certifications such as CISSP, CISM, CISA, or CEH Behavioural Competencies - Communicates security concepts clearly across technical and non-technical audiences. - Collaborates effectively with cross-functional teams in high-pressure environments. - Applies strong analytical skills to solve problems and meet strategic objectives. - Adapts to dynamic conditions while maintaining focus on excellence and delivery. - Demonstrates integrity, accountability, and a commitment to continuous improvement