Audit Manager

The Technology GRC Manager at C1 is responsible for overseeing and managing the risk assessment, remediation, and monitoring of information and technology process risks. In this role, you will ensure that all risk and compliance activities are effectively performed by various control functions. As an internal consultant, you will provide guidance to operating functions and business lines on risk-related matters, in addition to identifying, assessing, quantifying, reporting, communicating, mitigating, and monitoring process risks to uphold the organization's overall security and compliance posture. Your responsibilities will include ensuring strong governance on risk and compliance, managing risk assessment, remediation, and monitoring of information and technology process risks, serving as an internal risk consultant, and collaborating with control functions to track and mitigate identified risks. You will work closely with technology leaders to identify control gaps, act as a subject matter expert for risk and controls related to operations, and maintain strong working relationships with stakeholders. Additionally, you will review and refine policies and processes based on industry best practices, track identified risks, and ensure their closure within defined timelines, as well as prepare and maintain risk heat maps and risk registers. To excel in this role, you must possess excellent executive-level communication skills, strong working relationships with team members, and the ability to motivate them. Knowledge in areas such as Application Security, Data Security, Identity Access Management, Information, Infrastructure Technology, GDPR, and ISO Audits is essential. A solid understanding of the Risk Management Lifecycle and exposure to standards like SOX, COBIT, PCI-DSS, and NIST Control are required. An understanding of Security incident response aspects is desirable, along with good analytical, problem-solving, and interpersonal skills. The ideal candidate should have a B.E in Computer Science/Information Technology or equivalent qualification with 8-12 years of experience. An industry-recognized certification in information security such as CISSP, CISM, CISA, etc., would be advantageous.,