0 - 6 years
0.0 Lacs P.A.
Fort, Mumbai, Maharashtra
Posted: 2 weeks ago
Work from Office
Full Time
Qualification: BE/BTech

The following certifications would be an added advantage: CISA, ISO 27001, ISO 22301, CISSP

Experience: Senior Manager/AGM – 2 to 6 years. Proven track record in risk assessment, policy development and compliance management.

Role and Responsibilities:

1.
· Develop, review and update information security policies, procedures and frameworks to align with industry best practices and regulatory requirements.
· Ensure the integration of security governance into the overall enterprise risk management framework.

2.
· Conduct comprehensive risk assessments, including identifying threats, vulnerabilities and potential impacts.
· Develop and implement risk management strategies, including risk acceptance, mitigation, and transfer.
· Monitor and evaluate the effectiveness of risk management controls and adjust strategies as necessary.

3.
· Ensure compliance with regulatory requirements such as SEBI, CERT-In, NCIIPC, etc., and industry standards including ISO 27001, NIST, etc.
· Manage and coordinate internal and external audits, including preparation of documentation, scheduling, and follow-up on audit findings.
· Support interaction with regulatory bodies and external agencies, which could be helpful in replying to queries, notices and data demands from organizations such as CERT-In, SEBI and NCIIPC.
· Prepare/collect data for SCOT/Board meetings.

4.
· Develop and maintain incident response plans, including procedures for identification, containment, eradication, and recovery.
· Assist with the investigation and resolution of security incidents and breaches.
· Conduct root cause analysis and develop recommendations to prevent recurrence.

5.
· Design and implement security awareness training programs for employees at all levels.
· Conduct periodic security training sessions and workshops.
· Assess the effectiveness of training programs and make improvements based on feedback and incident trends.

6.
· Prepare detailed reports on the status of information security governance, risk management and compliance activities.
· Document and track issues, findings and remediation efforts.
· Provide regular updates to senior management and stakeholders on security posture and compliance status.
· Prepare and maintain risk registers.
· Prepare ISO 27001 and ISO 22301 related documentation.

7.
· Develop and manage the life cycle of security policies and procedures, including review cycles and approval processes.
· Ensure all documentation is current, accurate and accessible to relevant stakeholders.

8.
· Stakeholder management, including interaction with Business Heads and IT Leaders to provide information on various IT-related risks, audit findings, implementation, governance and regulatory compliance aspects.
· Work closely with external IS auditors/vendors on scheduling, monitoring and closing IT and IS related issues in a timely manner.

Skills:
· Strong oral and written communication, analytical and problem-solving skills, as well as excellent judgment in data analysis.
· Superior organizing skills along with time and team management.
· Experience of project management using MS Project or other tools.
· Ability to effectively use collaboration tools like SharePoint, Teams, etc. for optimum execution and control.

Job Types: Full-time, Permanent

Pay: Up to ₹1,800,000.00 per year

Benefits:
· Health insurance
· Paid sick time
· Provident Fund

Schedule: Day shift

Work Location: In person