Deputy Manager - IT GRC (Governance, Risk, and Compliance) role
Main Objectives
The primary objective is to ensure the IT landscape is secure, compliant, and aligned with business goals. This involves:
- Implementing comprehensive IT GRC strategies.
- Implementing the INCOME framework for the D&IT function.
- Implementing and managing risk management processes.
- Ensuring adherence to regulations and standards.
- Maintaining Digital & IT internal control requirements.
- Leading Digital & IT Internal Control and Compliance.
Key Responsibilities
- Audit Preparation and Management: Prepare processes, teams, and documents for internal and external audits. Track and remediate audit observations with corrective and preventive actions.
- Risk Management: Manage and track all technology-related risks for timely closure. Oversee formal risk analysis and self-assessment programs for various systems and processes.
- Compliance: Ensure compliance with privilege access management processes and relevant IT regulations and standards, such as ISO 27001 and NIST CSF.
- Documentation and Communication: Maintain strong documentation and communication skills. Ensure clear communication with stakeholders and effective conflict resolution.
- Implementing Initiatives: Coordinate with various departments to ensure smooth execution and monitor progress.
- Continuous Improvement: Foster a culture of continuous improvement within the IT GRC team.
- Stakeholder Engagement: Engage with key stakeholders, including management and department heads, to ensure IT GRC strategies are well-supported and integrated.
- Conducting Risk Assessments: Oversee comprehensive risk assessments to identify potential risks.
- Developing Mitigation Strategies: Implement controls and safeguards to reduce the likelihood and impact of risks.
- Monitoring and Reporting: Establish effective monitoring mechanisms and regularly report on risk status to management.
- Collaboration with Departments: Work closely with various departments to ensure effective implementation of risk management strategies.
- Adhering to Regulations: Ensure compliance with all relevant IT regulations and standards.
- Implementing Best Practices: Promote the adoption of industry best practices within the organization.
- Internal and External Audits: Conduct regular internal audits and manage relationships with external auditors and regulatory bodies.
- Policy Development: Develop and maintain comprehensive IT GRC policies.
Coordination and Collaboration
- Cross-Departmental Collaboration: Collaborate with various departments to ensure effective implementation of GRC initiatives.
- Stakeholder Communication: Ensure stakeholders are informed about the progress and impact of GRC activities.
- Conflict Resolution: Resolve conflicts that arise during the implementation of GRC initiatives.
- Internal Audits: Conduct internal audits to assess the effectiveness of IT GRC controls and processes.
- Managing External Audits: Ensure the organization is well-prepared for external audits and address any findings promptly.
- Audit Preparation: Lead the preparation for audits to ensure a smooth process.
- Addressing Audit Findings: Develop and implement action plans to resolve audit findings and prevent recurrence.
- Continuous Improvement: Use audit insights to drive continuous improvement in GRC practices.
- Regular Reporting: Provide regular reports on IT GRC activities to management and the board.
- Clear Communication: Ensure GRC-related information is communicated clearly and consistently.
- Training and Awareness: Promote awareness of GRC policies and practices within the organization through training sessions and resources.
Technical Knowledge and Skills
- Understanding IT Systems: Strong understanding of IT systems, including Cloud services, IT-OT convergence, hardware, software, networks, and data management practices.
- Security Principles: Deep understanding of security principles, including encryption and access control.
- Risk Management Frameworks: Familiarity with frameworks such as ISO 31000 and NIST RMF.
- Emerging Technologies: Stay updated on emerging technologies and their impact on IT GRC practices.
- Technical Certifications: Relevant certifications such as CRISC are valuable.
Compliance Knowledge
- Regulatory Requirements: Deep knowledge of relevant regulatory requirements, such as CEA guidelines, Internal Controls (ITGC), IT Act, Indian and global Energy sector compliance, GDPR, HIPAA, and SOX.
- Industry Standards: Familiarity with industry standards like ISO 27001 and NIST CSF.
- Compliance Assessment: Conduct regular compliance assessments and develop comprehensive compliance policies.
- Training and Awareness: Promote awareness of compliance requirements within the organization.
Analytical and Problem-Solving
- Risk Analysis: Conduct formal risk analysis to identify potential vulnerabilities.
- Problem-Solving: Develop and implement effective solutions to mitigate risks.
- Data Analysis: Analyze data to identify trends, assess risks, and make informed decisions.
- Decision-Making: Make informed decisions based on risk and compliance analysis.
- Continuous Improvement: Promote a culture of continuous improvement in GRC practices.
Qualifications and Experience
- Strong background in Information Technology, Cybersecurity, or a related discipline.
- Knowledge of frameworks like ISO 27001, NIST, GDPR, and HIPAA.
- 5-8 years in IT GRC, preferably in the Energy sector.
- Hands-On Experience: Identifying, assessing, and mitigating risks.
- Practical Application: Applying GRC principles in the energy sector.
Work Environment & Physical Requirements
- Location: Pune, India, with intermittent travel to sites.
- Team Size: Individual Contributor role.
- Physical Activity: Extended periods of concentration, technical hands-on work, and physical activity during site visits.
- Reports to: Cyber Security & IT Infrastructure Manager
Why Join ENGIE?
As a Deputy Manager IT-GRC at ENGIE, you will play a pivotal role in safeguarding and improving the Digital & IT landscape of a global leader in energy and sustainability. Drive ENGIE’s mission to achieve a carbon-neutral world through innovative technology solutions. Join us to contribute to a sustainable future and be part of a transformative journey towards a more efficient and eco-friendly world.
Visit us at www.engie.com and www.engieindia.com