Deputy Manager - IT GRC (Governance, Risk, and Compliance)

Role Overview: As the Deputy Manager - IT GRC at ENGIE India, your role is critical in ensuring the organization's Digital & IT landscape is secure, compliant, and aligned with business objectives. You will be responsible for developing, implementing, and managing IT GRC, risk management, and ensuring compliance with regulations and internal controls. This individual contributor role is based in Pune, India, with occasional onsite travel to support Digital & IT audits. Key Responsibilities: - Audit Preparation and Management: Prepare processes, teams, and documents for internal and external audits. Track and remediate audit observations with corrective and preventive actions. - Risk Management: Manage and track all technology-related risks for timely closure. Oversee formal risk analysis and self-assessment programs for various systems and processes. - Compliance: Ensure compliance with privilege access management processes and relevant IT regulations and standards, such as ISO 27001 and NIST CSF. - Documentation and Communication: Maintain strong documentation and communication skills. Ensure clear communication with stakeholders and effective conflict resolution. - Implementing Initiatives: Coordinate with various departments to ensure smooth execution and monitor progress. - Continuous Improvement: Foster a culture of continuous improvement within the IT GRC team. - Stakeholder Engagement: Engage with key stakeholders to ensure IT GRC strategies are well-supported and integrated. - Conducting Risk Assessments: Oversee comprehensive risk assessments to identify potential risks. - Developing Mitigation Strategies: Implement controls and safeguards to reduce the likelihood and impact of risks. - Monitoring and Reporting: Establish effective monitoring mechanisms and regularly report on risk status to management. - Collaboration with Departments: Work closely with various departments to ensure effective implementation of risk management strategies. - Adhering to Regulations: Ensure compliance with all relevant IT regulations and standards. - Implementing Best Practices: Promote the adoption of industry best practices within the organization. - Internal and External Audits: Conduct regular internal audits and manage relationships with external auditors and regulatory bodies. - Policy Development: Develop and maintain comprehensive IT GRC policies. Qualification Required: - Strong background in Information Technology, Cybersecurity, or a related discipline. - Knowledge of frameworks like ISO 27001, NIST, GDPR, and HIPAA. - 5-8 years in IT GRC, preferably in the Energy sector. - Hands-On Experience: Identifying, assessing, and mitigating risks. - Practical Application: Applying GRC principles in the energy sector.,