IT Security Governance, Risk, and Compliance

6 days ago


Gurgaon, Haryana, India Crocs, Inc. Full time ₹ 20,00,000 - ₹ 25,00,000 per year
Overview

Reporting into Information Security, the Governance, Risk, and Compliance (GRC) Engineer plays an instrumental role in guiding GRC strategies and processes. As the primary GRC authority in India and supporting the global GRC team, this engineer works directly with other partners such as Legal, Risk, Internal Audit, etc. to ensure the alignment of the company's IT and Enterprise risk management framework with its business objectives and regulatory requirements. The GRC Engineer possesses a combination of technical expertise, background in GRC, and applicable frameworks. They will identify, track, and address potential risks, while proactively improving the company's overall GRC posture.

What You'll Do

Third Party Risk Management

  • Act as a local point of contact for the IT Third Party Risk Management Program.
  • Maintain the chosen GRC platform to programmatically capture Cyber/IT risks, timely analysis to enable risk control and reporting.
  • Implement security controls, risk assessment framework, and program that aligns to regulatory requirements, chosen frameworks, and other internal requirements through collaboration with other key department partners.
  • Implement processes to automate and continuously supervise information security controls, exceptions, risks, and testing. Develop performance measures, dashboards, and evidence artifacts.

Policy and Procedure Management

  • Develop, maintain, and supervise implementation and adherence to regional Cybersecurity and GRC Policies and Processes to ensure compliance with applicable laws, regulations, and chosen industry standard frameworks including communications and training.
  • Collaborate with partners from other core organizations (e.g., Legal, Audit) to ensure Cybersecurity and GRC components are accounted for in collaborative enterprise-wide policies, and processes.
  • Define and detail security processes responsibilities and ownership of the controls in GRC tool. Schedule regular assessments and testing of effectiveness and efficiency of controls and build reports.

Audit and Compliance Management

  • Assist with all global regulatory and compliance assessments to include ISMS, MLPS, GDPR, SOX, NIST CSF, and PCI.
  • Develop and implement controls and documentation for all applicable security and/or privacy regulations within the APAC region.
  • Coordinate with internal and external auditors to facilitate audits, with the goal of assuring IT and Enterprise compliance and addressing potential issues proactively.
  • Guide IT and other Enterprise organizations to successfully achieve required compliance.
  • Work with partners and Subject Matter Authorities on deficiency remediation as a result of audit or internal control findings

Risk Management

  • Responsible for maintaining the Cybersecurity Risk Register and collaborating with other Risk collaborators throughout the enterprise for inclusion in overall risk reporting.
  • Work with business owners of known risks for remediation or compensating controls for policy adherence.
  • Facilitate documentation and approval process for Risk Acceptance, in accordance with Cybersecurity policy and applicable frameworks.
What You'll Bring to the Table
  • Bachelor's degree or equivalent experience in Information Technology or related field.
  • 6+ years of confirmed experience in cybersecurity as a practitioner, with 2+ years in GRC role. Experience working with other compliance driven teams such as Legal, Audit, etc.
  • In-depth Knowledge of Relevant Laws and Regulations and other applicable frameworks.
  • Knowledge and experience implementing and auditing CIS controls.
  • Risk Management Skills: Ability to identify, analyze, and optimally mitigate enterprise risks. Familiarity with risk management frameworks and methodologies.
  • Critical Thinking and Leadership: Strong ability to lead and handle the GRC function, develop and complete strategic plans, and guide the organization towards its GRC objectives.
  • Communication and Presentation Skills: Excellent written and verbal communication skills, with the ability to present sophisticated GRC issues and strategies clearly to various partners.
  • Analytical Skills: Strong ability to analyze sophisticated data, interpret compliance requirements, and develop effective solutions.
  • Negotiation and Influencing Skills: Ability to negotiate with, influence, and secure consensus from various partners, both internal and external, to achieve GRC objectives.
  • IT Proficiency: Familiarity with the use of GRC technology solutions, as well as a broad understanding of information security principles and standard processes.
  • Focus on staying updated with GRC field progress, including shifting laws and standard methodologies in GRC management.

 The Company is an Equal Opportunity Employer committed to a diverse and inclusive work environment.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or disability, or any other protected classification.

Job Category: Corporate 


  • Security Governance

    2 weeks ago


    Gurgaon, Haryana, India Sbi Cards And Payment Services Limited Full time ₹ 12,00,000 - ₹ 36,00,000 per year

    Deputy Vice President - Security Governance & Compliance About the company SBI Card is a leading pure-play credit card issuer in India, offering a wide range of credit cards to cater to diverse customer needs. We are constantly innovating to meet the evolving financial needs of our customers, empowering them with digital currency for seamless payment...


  • Gurgaon, Haryana, India Airtel Full time ₹ 12,00,000 - ₹ 36,00,000 per year

    Job Title: Lead Governance, Risk & Compliance (GRC)Location: GurugramJob Type: Full-TimeRole Overview: We are seeking an accomplished Lead – Governance, Risk & Compliance (GRC) to define and drive the security governance, risk management, and compliance strategy across our nationwide telecom operations. This role will oversee compliance across Airtel's...


  • Gurgaon, Haryana, India Ericsson-Worldwide Full time ₹ 20,00,000 - ₹ 25,00,000 per year

    Grow with usOur Excellent OpportunitySenior Manager - Security Risk & Compliance is responsible for ensuring that the company's processes and systems are monitored and evaluated to meet compliance requirements. Some of the responsibilities include: Regulatory Intelligence - Monitor and analyse regulatory policies, notifications, and guidelines.Compliance -...


  • Gurgaon, Haryana, India Cvent Full time

    Job DescriptionAbout the role:Provide support for projects and operational tasks associated with Cvent's information security governance, risk management, and audit and compliance programsIn This Role, You Will:- Participate in internal security assessments and security reviews; conduct security risk analysis of business processes and technology solutions to...


  • Gurgaon, Haryana, India Airtel Full time ₹ 1,80,000 - ₹ 3,00,000 per year

    Sr. Executive (Information Security Risk & Compliance)Review of policy and procedure with implementation across organization In depth knowledge of risk management with good knowledge of handling external and internal risks Work with cyber risk quantification and integrate with existing risk management process. Should be able to quantify risks and...


  • Gurgaon, Haryana, India Autope Payment Solutions Full time ₹ 15,00,000 - ₹ 25,00,000 per year

    Job Description Risk / Compliance ManagerCompany: Autope Payment Solution LimitedLocation: GurugramExperience Required: Minimum 5 YearsPosition OverviewThe Risk / Compliance Manager will be responsible for developing, implementing, and maintaining the company's compliance and risk management framework. The role requires a deep understanding of regulatory...


  • Gurgaon, Haryana, India Airtel Full time ₹ 1,20,000 - ₹ 1,80,000 per year

    Information Security Risk Management and Compliance (GRC)Details : JD for Consultant (Information Security Risk & Compliance)POSITION Information Security Risk Management and Compliance (GRC) EXPERIENCE 4-5 Years KEY RESPONSIBILITIES & JOB DESCRIPTIONReview of policy and procedure with implementation across organization In depth knowledge of risk...


  • Gurgaon, Haryana, India Airtel Full time ₹ 20,00,000 - ₹ 25,00,000 per year

    Information Security Risk Management and Compliance (GRC) JD for Consultant (Information Security Risk & Compliance) KEY RESPONSIBILITIES & JOB DESCRIPTIONReview of policy and procedure with implementation across organization In depth knowledge of risk management with good knowledge of handling external and internal risks Work with cyber risk...


  • Gurgaon, Haryana, India Axa XL Full time

    Job DescriptionEssential Responsibilities:- Support the collection of up-to-date information from the business regarding their most valuable data and its use on a yearly basis (at minimum) at a Data Element level when possible.- Monitor the use of Data elements through security tools like DLP and Microsoft Purview.- Help create Sensitive Information Types to...


  • Gurgaon, Haryana, India airtel Full time ₹ 15,00,000 - ₹ 25,00,000 per year

    Plan, manage, and perform Process Reviews, including determining audit objectives and scope, identifying and assessing risks, developing time budgets and audit programs, and ensuring adequate documentation for each review Using knowledge/ expertise in performing reviews to determine compliance with all pertinent statutes, policies, procedures, effectiveness...