Consultant

2 - 5 years

12.0 - 14.0 Lacs P.A.

Bengaluru

Posted: 2 months ago | Platform: Naukri


Skills Required

CISA, Information security, Analytical, HIPAA, ISO 27001, Data processing, Workflow, Information management, Risk management, RFP

Work Mode

Work from Office

Job Type

Full Time

Job Description

In this role, you will partake in all GRC, Privacy and Business Continuity initiatives for the organization, working with other ISG Functions, relevant stakeholders internally within the organization, and where applicable with external stakeholders. For this, you will handle initiatives such as, but not limited to:

- Cyber Security and Privacy Strategy and Strategic Plan
- Cyber Security and Privacy Governance Framework
- Cyber Security and Privacy benchmarking
- Handling of Cyber Security, Privacy and Business Continuity implementations, maintenance, Audits and Attestations with respect to ISO 27001:2013 / 2022 (ISMS), ISO 27701:2019 (PIMS), ISO 22301:2019 (BCMS), SOC2 Type-2 Attestation, HITRUST Certification Audits, GDPR, Security Councils and Reporting
- Program Management Office (PgMO)
- Cyber Security and Privacy Skill Management
- External and Internal Cyber Security and Privacy branding
- Third-Party Risk Management (TPRM)
- M&A Cyber Security
- Cyber Security and Privacy Regulatory Compliance
- Business Continuity Management (BCM) and Cyber Resilience Program
- Inculcate Privacy by Design (PbD) as a conscious practice in the organization
- Building and institutionalization of relevant Policies, Processes, Procedures and Guidelines in the organization
- Closely work with relevant stakeholders to ensure compliance against Privacy and Data Protection requirements at all times, including incorporating appropriate Data Processing Agreements (DPAs) covering relevant Fiduciary / Controller / Processor / Sub-Processor relationships as needed, and adherence to applicable Regulatory requirements such as, but not limited to, Indian DPDP, EU GDPR, CCPA etc.
- Undertake Privacy Impact Assessments (PIA) / Data Protection Impact Assessments (DPIA), review any relevant changes which can influence the use, storage or disposal of any form of Personally Identifiable Information (PII), and drive identified gaps / risks to closure within permissible timelines
- Align and maintain the Privacy Program in line with the Privacy Information Management System (PIMS) based on the ISO 27701:2019 Standard
- Align and maintain the BCM in line with the Business Continuity Management System (BCMS) based on the ISO 22301:2019 Standard
- Work with stakeholders to ensure timely identification, recording and notification to relevant Supervisory Authorities, Clients or other affected parties, as well as its resolution, in the event of a relevant, material incident, should it occur
- Keep abreast of the latest developments in global Privacy Regulations so as to ensure compliance with them
- Help the CISO & DPO drive the Information Security Council (ISC) through its comprehensive Metrics program and reporting expectations
- Respond to RFP/Is; review / redline MSAs / SoWs, Information Security and Privacy Addendums, Data Protection Addendums (DPA), Client Security questionnaires etc.
- Assist the team in designing, implementing, maintaining and continually improving the Information Security and Privacy culture in the organization so as to ensure a robust and scalable Cyber Security and Privacy program

Knowledge expectations

- You come with up to 3 years of working experience in Information Security
- You have a good understanding of applying pragmatic Information Security and Privacy controls in leading Standards and Frameworks such as, but not limited to, Information Security Management System (ISO 27001:2022), Privacy Information Management System (ISO 27701:2019), Business Continuity Management System (ISO 22301:2019), NIST Cyber Security Framework (NIST), NIST 800-53, PCI DSS, HIPAA, SSAE-18 SOC1 or SOC2 and SoX controls, ITIL, having been part of various implementations and compliance initiatives on the same
- Working knowledge of any leading GRC workflow tools (e.g. OneTrust, RSA Archer, RSAM etc.)
- You have a good understanding of essential controls in one or more of the following Cloud platforms - Microsoft Azure, Amazon Web Services (AWS), Google Cloud Platform (GCP)
- You come with experience in assessing applications, systems and processes that handle PII and recommending corrective actions to achieve compliance with relevant Privacy and Data Protection requirements
- You come with working knowledge of interpretation and control implementations pertaining to Cyber Laws, Privacy and Data Protection Laws, as well as relevant decisions / guidance issued by Supervisory Authorities, Courts and Tribunals from time to time in applicable jurisdictions
- You stay informed on the latest in the dynamic Regulatory landscape which can influence the need for, and the scope of, various Information Security and Privacy Controls in the organization

Required education and certifications

- You are an Engineering graduate, or have an equivalent or higher education
- You have acquired one or more of the following certifications - CISSP, CRISC, CISM, CISA, CIPP, CIPM, FIP, CDPSE, ISO 27001:2013 / 2022 Lead Implementer / Auditor, ISO 27701:2019 Lead Implementer / Auditor, ISO 22301:2019 Certifications

Skill expectations and others

- You have great attention to detail, strong communication and collaboration skills
- You come with a mix of technical, analytical and problem-solving skills
- You come with a mindset of helping improve the Privacy Program at all times
- You are an avid learner who continuously looks at imbibing new knowledge and applying it on the job
- You are a self-starter, a go-getter and an innovative thinker with a positive attitude

Business Consulting and Services
San Jose, California +8
