AVP and Head of Governance, Risk & Compliance

20 - 23 years

60 - 70 Lacs

Posted: 3 days ago | Platform: Naukri

Work Mode

Work from Office

Job Type

Full Time

Job Description

Work Experience

  • 20-23 years of related experience in information technology Infrastructure, Engineering, Operation, Risk Assessment and Advisory.
  • 10-12 years of relevant hands-on experience in Cyber / Information security governance, risk, and compliance management, technical risk management, and risk advisory services.
  • Experience with Cyber / Information Security Policy, standards, and controls definition.
  • Strong knowledge of current and emerging Cyber / Information Security risks, and innovative risk management methods and solutions.
  • Ability to collaboratively develop a risk strategy in conjunction with stakeholders.
  • Strong analytical thinking, written and oral communication, and presentation skills.
  • Demonstrated knowledge of industry authoritative sources such as COBIT, NIST, SOC2, GDPR, MRC, and ISO standards (ISO 27001, ISO 22301).
  • Must have the ability to influence others and work at all management levels across the organizational structure.
  • Broad understanding of security and privacy concepts.
  • Experience working in the Indian Banking domain.
  • Skilled at planning, tracking plans, working across departments to review processes and controls, and gathering and organizing documentation and test results.
  • Able to understand contracts and technical documentation and assess them for consistency and alignment with the processes and controls outlined in requirements and audit materials.
  • Ability to effectively communicate and relate to all levels of the organization.

Industry

  • Financial Domain (Banking / NBFC experience is desirable)

Responsibilities

  • Directly responsible for policies, procedures, and controls to assure compliance with applicable regulatory, legal and audit requirements as well as good business practices.
  • Develop and manage a Cyber / Information security risk management program, including development, evaluation, and adherence to multiple areas of practice.
  • Develop a Risk Management Strategy that identifies and classifies risks, defines appropriate tolerances, prioritizes mitigation activities, and measures risk levels using the CMMI Cyber Maturity / NIST CSF Framework.
  • Establish and oversee a formal risk analysis and self-assessment program for various information services, systems, processes and recognized industry standards.
  • Identify, assess, manage, and track remediation of risks related to IT infrastructure, applications, platforms, and suppliers and drive explicit requirements and timelines in all environments.
  • Develop strong relationships with external audit, key stakeholders, and regulators to ensure risk management oversight is understood, managed appropriately, and current with all standards, guidelines, and regulations that are applicable.
  • Liaise with all departments to identify, track, and provide remediation guidance for new projects, services, and/or third-party contracts in terms of information security assurance.
  • Oversee high risk initiatives and serve as a point of escalation for remediation/mitigation efforts.
  • Develop a security compliance strategy and approach and ensure compliance with ISO 27001 (ISMS), ISO 22301 (BCMS), RBI Master Directions, local cyber security & privacy laws (DPDP), contractual requirements, and globally recognized standards and guidelines.
  • Identify regulatory, legislative, and industry-specific compliance requirements and define controls that can be used to meet those requirements.
  • Oversee third party (Vendor) assessment standards and privileged user monitoring as a check on critical system access.
  • Coordinate a team which serves as the intake on security related inquiries and coordinate with subject matter experts.
  • Build out and maintain existing GRC tools and processes within information security to provide visibility and transparency.
  • Perform any other related duties as required or assigned.

Certifications

  • Industry-recognized certification in Cyber Security / Information Security; at least one of CISSP, CISA, CISM, or CRISC preferred.

Education

  • University degree in the field of Engineering and Technology, such as BE/B.Tech, BSc/MSc/BCA/MCA; specialization in Information Security or Cyber Security preferred.

Employment Type

  • All positions are on a fixed-term contract on a full-time basis exclusively for ReBIT, initially for a period of five years, extendable by mutual consent.

Reserve Bank Information Technology

Banking / Financial Services / Information Technology

Sydney
