Information Security – Risk Manager – GRC

4 days ago


Delhi, Delhi, India SMC Group Full time

Started in 1990, SMC is a well-diversified financial services company in India and abroad, offering one-stop investment solutions in trading and investments. SMC believes in growing with its clients and creating valuable relationships. It's about having the passion to go that extra mile and it's about making the clients and partners a part of the family.

SMC offers advanced broking services across equity, derivative, currency and commodity asset classes, financial analytics, mortgage advisory, investment banking and executions in cash & future equities.

Specialties:

Equity, Commodity & Currency trading, IPO & MF Distribution, Depository, Clearing Services, Research, Insurance Broking - Life & Non-Life, Wealth Advisory, Institutional Broking, Investment Banking, Real Estate Advisory, Mortgage Advisory, NBFC Financing, and AIF

Hiring for Information Security – Risk Manager – GRC (BCP & ISO 27001:2022 Implementation)

Experience required for the Job:
5 - 10 years

Job Location:
Delhi

Position/Title:
Risk Manager – GRC

Job Summary:

The Risk Manager – GRC (ISO 27001:2022 & BCP) is responsible for overseeing the implementation, maintenance, and continual improvement of the Information Security Management System (ISMS) in alignment with ISO 27001:2022 standards. This role ensures that the organization's information security practices meet regulatory requirements, client expectations, and industry best practices, while also mitigating risks to the confidentiality, integrity, and availability of information.

Education:

  • Bachelor's degree in Information Security, Computer Science, or a related field.
  • A Master's degree is a plus.

Experience:

  • 5+ years of experience in information security management, with a focus on ISO 27001 implementation and compliance.
  • Proven experience in leading ISMS implementation and managing information security compliance audits.

Certifications:

  • ISO 27001 Lead Implementer or Lead Auditor certification.
  • Additional certifications such as CISSP, CISM, or CISA are advantageous.

Skills:

  • In-depth knowledge of ISO 27001:2022 standards and information security best practices.
  • Strong understanding of risk management and incident management processes.
  • Excellent communication, documentation, and project management skills.
  • Ability to work collaboratively with cross-functional teams and influence decision-making.
  • Knowledgeable and experienced in crisis management best practices.
  • Experience with cloud (AWS) environments, SaaS provider architecture, and cloud-based disaster recovery methodologies.

Key Responsibilities:

1. ISMS Implementation & Maintenance

  • Lead the development, implementation, and continuous improvement of the Information Security Management System (ISMS) in accordance with ISO 27001:2022 standards.
  • Ensure that all policies, procedures, and controls are documented, communicated, and enforced throughout the organization.
  • Collaborate with various departments to integrate ISO 27001 requirements into business processes and operations.

2. Risk Management

  • Conduct regular risk assessments to identify, analyze, and evaluate information security risks.
  • Develop and implement risk treatment plans to mitigate identified risks.
  • Monitor the effectiveness of risk treatment plans and adjust them as necessary to ensure ongoing risk mitigation.

3. Compliance & Audit Management

  • Prepare and maintain compliance documentation required for ISO 27001:2022 certification.
  • Coordinate and facilitate internal and external audits to ensure compliance with ISO 27001 standards.
  • Address non-conformities identified during audits by developing and implementing corrective and preventive actions.

4. Training & Awareness

  • Develop and deliver information security awareness training programs to educate employees about their roles in maintaining the ISMS.
  • Ensure that staff members understand and comply with ISO 27001:2022 policies and procedures.

5. Incident Management

  • Oversee the incident management process, ensuring that information security incidents are promptly identified, reported, and managed.
  • Conduct post-incident reviews to identify root causes and implement corrective actions to prevent recurrence.

6. Continuous Improvement

  • Monitor and evaluate the effectiveness of the ISMS, identifying areas for improvement.
  • Lead initiatives to enhance the organization's information security posture, staying up to date with industry trends, emerging threats, and changes in the regulatory environment.

7. Stakeholder Communication

  • Act as the primary point of contact for all matters related to ISO 27001:2022 compliance.
  • Communicate ISMS performance, compliance status, and risk management activities to senior management and relevant stakeholders.

8. Vendor and Third-Party Management

  • Evaluate and monitor third-party vendors and service providers to ensure they meet the organization's information security requirements.
  • Develop and maintain vendor risk assessments and ensure that third-party agreements align with ISO 27001:2022 standards.

9. Coordinate business continuity and technology disaster recovery drills and tabletop exercises as appropriate.

10. Identify critical systems and categorize them based on enterprise and operational risks crucial to continued business operations in the event of a disaster.

11. Create reports as needed for different levels of leadership, covering all aspects of BCP.

12. Conduct weekly status reports, DR readiness reviews, milestone reviews, and post-exercise reviews.

Note: This role is 60% documentation and process-oriented.


