Cyber Security & GRC - Manager

Location

Head Office – Mumbai

Function

Technology

Job Purpose

The role incumbent will drive Governance, Risk and Regulatory compliance (such as SEBI and RBI regulations) for the organization. The role will also drive various cyber security initiatives. The role would require the individual to take care of internal audits and ensure effective internal operating controls, processes and practices for Information Security and Risk Management in the organization.

Role

• Understanding SEBI, RBI and other regulations around Information Technology Governance and Information Security
• Management i.e. creation, review and modification of Information Technology and ISMS policies and related procedures & guidelines as per requirements of Indian regulatory laws/ acts and international framework / best practices
• Implementation and execution of policies
• IT Risk Assessment and maintaining IT Risk Register
• ISO 27001 implementation
• SOC Governance
• Ensure information assets and systems are protected by identifying risks related to confidentiality, integrity and availability and mitigation through implementation of controls
• Work hand-in-hand with Infrastructure, Application, Network and Project teams to ensure Security Solutions are implemented as per standards
• Coordination with vendors & internal stake holders to manage Cyber Security initiative.
• Take preventive/ corrective actions against cyber incidents
• Facilitate internal / external auditors for ITGC, ITAC, VAPT etc. and provide details / evidences to them as per requirements.
• Ensure that all feasible audit observations and internal/ external advisory measures are implemented through respective IT teams
• Ensure that appropriate testing of information security, IT business continuity and disaster recovery plans are carried out to meet business needs
• Capture & share knowledge for information/ cyber security within team to enhance capabilities and to strengthen the awareness to end users including contractors
• Corporate wide Information Security communication and program management
• User awareness initiatives and trainings
• Security Risks & KPI monitoring and improvement

Qualification & experience

• Years of experience: Min 7-9 years of total experience
• Qualifications: BE / MBA
• Experience: at least 5 Years relevant experience with exposure to BFSI & NBFC sectors
• Experience in SEBI, RBI and other regulatory requirements
• Professional qualifications like Certified in Risk and Information Systems Control (CRISC), Certified in the Governance of Enterprise IT (CGEIT), Certified Information Security Manager (CISM), ISO 27001, COBIT, CEH, CISA, CISSP etc.
• Knowledge about Data Center Security, Network Security
• Excellent knowledge of ITGC & working knowledge of ISO 27001
• Ability to lead a team and manage stakeholders

Essential skills

• Effective Planning and Execution
• Stakeholder Management, Networking & Influencing skills
• System & Process orientation
• Ability to challenge status quo

Ideal candidate (in terms of current role/ organization/ industry)