Deputy Manager - IT Governance

Job Title:

Location

Responsibilities:

As GRC (Governance, Risk, and Compliance) Manager is responsible for overseeing and managing the risk assessment, remediation, and monitoring of information and technology process risks. This role involves ensuring that all risk and compliance activities are performed effectively by various control functions. The GRC Manager also serves as an internal consultant, providing guidance to operating functions and business lines on risk-related matters.

Additionally, they are tasked with identifying, assessing, quantifying, reporting, communicating, mitigating, and monitoring process risks to ensure the organization's overall security and compliance posture.

• Ensure strong governance on risk and compliance performed by various control functions.
• Manage risk assessment, remediation, and monitoring of information and technology • Identify, assess, quantify, report, communicate, mitigate, and monitor process risks.
• Support the implementation of information security policies.
• Discuss risk closure, mitigation, and acceptance with stakeholders.
• Ensure periodic entitlement reviews are completed, and risks are managed to an acceptable level.
• Collaborate with control functions to track and mitigate identified risks.
• Work with technology leaders to identify control gaps.
• Act as a subject matter expert for risk and controls related to operations.
• Maintain strong working relationships with stakeholders.
• Review and refine policies and processes based on industry best practices.
• Track identified risks and ensured their closure within defined timelines.
• Prepare and maintain risk heat maps and risk registers.

Framework Implementation of IT Governance:

Assist in Implementing a comprehensive IT governance framework for the IFTAS, policies, and procedures aligned with industry best practices (e.g., COBIT, ITIL) and organizational goals.

Assist in establishing clear roles, responsibilities, and accountability for IT decision-making processes across the organization.

Assist in developing and managing the IT policy lifecycle, including creation, review, approval, and communication.

Strategic Alignment & Planning:

Assist in ensuring IT strategies, initiatives, and investments are directly aligned with the overall business strategy and objectives.

Facilitate the IT strategic planning process, translating business needs into actionable IT priorities.

Assist in developing and track key performance indicators (KPIs) and metrics to measure the effectiveness of IT governance and overall IT performance.

Risk Management & Compliance:

Identify, assess, and monitor IT-related risks, including cybersecurity, data privacy, and operational risks.

Ensure IT compliance with relevant internal policies, external regulations (e.g., GDPR, RBI guidelines, SEBI regulations if applicable), and industry standards.

Manage IT audits (internal and external), facilitate responses, and track remediation efforts.

Assist in financial , corporate governance, HR,Admin audits in line with CAG and other statutory requirements under the companies act 2013 and other relevant acts as applicable.

Performance & Value Management:

Establish processes for IT performance management, ensuring efficient and effective delivery of IT services and projects.

Assist in development of mechanisms to measure and report on the business value delivered by IT investments.

Drive continuous improvement initiatives within the IT organization based on governance insights.

Stakeholder Engagement & Communication:

Help in liaising between IT and business stakeholders to ensure clear communication and shared understanding of IT governance principles and outcomes.

Facilitate governance committees and working groups, preparing agendas, minutes, and tracking action items.

Educate and advocate for IT governance best practices across the organization.

Education:

Experience:

- 6 years of experience in auditing domain within both government and public sector undertakings is preferable.

- Expertise in compliance audit and MIS reporting required for Governance is mandatory.

Knowledge

- 6+ years of progressive experience in IT, with at least 3+ years specifically in IT Governance, Risk Management, Compliance, or IT Audit.

- Demonstrated experience in developing and implementing IT governance frameworks (e.g., COBIT, ITIL).

- Proven ability to manage complex projects and drive organizational change.

Skills:

• Strong communication, presentation, and interpersonal skills, with the ability to influence stakeholders at all levels.
• Strong working relationships with team members and the ability to motivate them.
• Knowledge in areas such as Application Security, Data Security, Identity Access Management, Information, Infrastructure Technology, GDPR, and ISO Audits.
• Solid understanding of Risk Management Lifecycle and exposure to standards like SOX, COBIT, PCI-DSS, NIST Control, etc.
• Understanding of Security incident response aspects is desirable.
• Good analytical, problem-solving, and interpersonal skills.
• Proficiency in risk assessment methodologies and compliance frameworks.
• Ability to work independently and as part of a cross-functional team.