Risk Manager – GRC

Hiring for Information Security – Risk Manager – GRC (BCP & ISO 27001:2022 Implementation)Experience required for the Job: 5 - 10 yearsJob Location: DelhiPosition: Risk Manager – GRCJob Summary:The Risk Manager – GRC (ISO 27001:2022 & BCP) is responsible for overseeing the implementation, maintenance, and continual improvement of the Information Security Management System (ISMS) in alignment with ISO 27001:2022 standards. This role ensures that the organization’s information security practices meet regulatory requirements, client expectations, and industry best practices, while also mitigating risks to the confidentiality, integrity, and availability of information.Education:Bachelor’s degree in Information Security, Computer Science, or a related field.A Master’s degree is a plus.Experience:5+ years of experience in information security management, with a focus on ISO 27001 implementation and compliance.Proven experience in leading ISMS implementation and managing information security compliance audits.Certifications:ISO 27001 Lead Implementer or Lead Auditor certification.Additional certifications such as CISSP, CISM, or CISA are advantageous.Skills:In-depth knowledge of ISO 27001:2022 standards and information security best practices.Strong understanding of risk management and incident management processes.Excellent communication, documentation, and project management skills.Ability to work collaboratively with cross-functional teams and influence decision-making.Knowledgeable and experienced in crisis management best practices.Experience with cloud (AWS) environments, SaaS provider architecture, and cloud-based disaster recovery methodologies.Key Responsibilities:1. ISMS Implementation & MaintenanceLead the development, implementation, and continuous improvement of the Information Security Management System (ISMS) in accordance with ISO 27001:2022 standards.Ensure that all policies, procedures, and controls are documented, communicated, and enforced throughout the organization.Collaborate with various departments to integrate ISO 27001 requirements into business processes and operations.2. Risk ManagementConduct regular risk assessments to identify, analyze, and evaluate information security risks.Develop and implement risk treatment plans to mitigate identified risks.Monitor the effectiveness of risk treatment plans and adjust them as necessary to ensure ongoing risk mitigation.3. Compliance & Audit ManagementPrepare and maintain compliance documentation required for ISO 27001:2022 certification.Coordinate and facilitate internal and external audits to ensure compliance with ISO 27001 standards.Address non-conformities identified during audits by developing and implementing corrective and preventive actions.4. Training & AwarenessDevelop and deliver information security awareness training programs to educate employees about their roles in maintaining the ISMS.Ensure that staff members understand and comply with ISO 27001:2022 policies and procedures.5. Incident ManagementOversee the incident management process, ensuring that information security incidents are promptly identified, reported, and managed.Conduct post-incident reviews to identify root causes and implement corrective actions to prevent recurrence.6. Continuous ImprovementMonitor and evaluate the effectiveness of the ISMS, identifying areas for improvement.Lead initiatives to enhance the organization’s information security posture, staying up to date with industry trends, emerging threats, and changes in the regulatory environment.7. Stakeholder CommunicationAct as the primary point of contact for all matters related to ISO 27001:2022 compliance.Communicate ISMS performance, compliance status, and risk management activities to senior management and relevant stakeholders.8. Vendor and Third-Party ManagementEvaluate and monitor third-party vendors and service providers to ensure they meet the organization's information security requirements.Develop and maintain vendor risk assessments and ensure that third-party agreements align with ISO 27001:2022 standards.9. Coordinate business continuity and technology disaster recovery drills and tabletop exercises as appropriate.10. Identify critical systems and categorize them based on enterprise and operational risks crucial to continued business operations in the event of a disaster.11. Create reports as needed for different levels of leadership, covering all aspects of BCP.12. Conduct weekly status reports, DR readiness reviews, milestone reviews, and post-exercise reviews.Note: This role is 60% documentation and process-oriented.