Grc - Governance, Risk Compliance , Information Security

**Job Title: Governance, Risk Compliance (GRC), Information Security**

**Location: Mumbai**

**Qualification: Bachelor’s degree in information security, Computer Science, or a related field.**

**Below certification would be an added advantage: CISA, ISO27001, ISO22301, CISSP**

**Experience: Senior Manager/AGM- 8to 10 years**

Proven track record in risk assessment, policy development and compliance management.

**Role and Responsibilities**:
1. Governance:Develop, review and update information security policies, procedures and frame works to align withindustry best practices and regulatory requirements. Ensure the integration of security governance into the overall enterprise risk management framework.

2. Risk Management: Conduct comprehensive risk assessments, including identifying threats, vulnerabilities and potential impacts. Develop and implement risk management strategies, including risk acceptance, mitigation, and transfer.Monitor and evaluate the effectiveness of risk management controls and adjust strategies as necessary.

3. Compliance: Ensure compliance with regulatory requirements such as SEBI, CERT-In, NCIIPC, etc and industry standardsincluding ISO 27001, NIST, etc. Manage and coordinate internal and external audits, including preparation of documentation,scheduling, and follow-up on audit findings. SupportforInteractionwithregulatorybodiesandexternalagenciesthatcouldbehelpfulinreplying toqueries, notices, data demands from the organizations like e.g. CERT-In, SEBI, NCIIPC. Preparing/collecting data for SCOT/Board meeting.

4. Incident Management: Develop and maintain incident response plans, including procedures for identification,containment, eradication, and recovery. Assist with the investigation and resolution of security incidents and breaches. Conduct root cause analysis and develop recommendation stop prevent recurrence

5. Training and Awareness:Designandimplementsecurityawarenesstrainingprogramsforemployeesatalllevels. Conduct periodic security training sessions and workshops. Assesstheeffectivenessoftrainingprogramsandmakeimprovementsbasedon feedback and incidenttrends.

6. Reporting and Documentation: Prepare detailed reports on the status of information security governance, risk management andcompliance activities. Document and track issues, findings and remediation efforts. Provideregularupdatestoseniormanagementandstakeholdersonsecuritypostureandcompliancestatus. Prepare and maintain risk registers. Prepare ISO27001 & ISO22301 related documentation.

7. Policy and Procedure Management: Develop and manage the life cycle of security policies and procedures, including review cyclesand approval processes. Ensure all documentation is current, accurate and accessible to relevant stakeholders.

8. Audit Management: Stakeholdermanagement includinginteractionwithBusinessHeads,ITLeaders onproviding information on Various IT Related Risks, Audit Findings, Implementation, Governance and Regulatory Complianceaspects. Work closely with external IS Auditors/Vendors for Scheduling, Monitoring and Closing IT and IS related Issues on a timely manner.

Skills: Strong oral and written communication, analytical and problem-solving skills, as well as excellentjudgment on data analysis. Superior organizing skills along with time and team management. Experience of project management using MS Projector other tools. Ability to effectively use collaboration tools like SharePoint, Teams etc. for optimum execution & control.

**Job Types**: Full-time, Permanent

Pay: Up to ₹2,500,000.00 per year

**Benefits**:

- Health insurance
- Paid sick time
- Paid time off
- Provident Fund
- Work from home

Schedule:

- Day shift
- Fixed shift
- Monday to Friday

Work Location: In person