GRC Commercial Lead

Role Overview: You will be joining GlobalLogic as a part of a team working on a significant software project for a world-class company that provides M2M/IoT 4G/5G modules to industries such as automotive, healthcare, and logistics. Your contribution will involve developing end-user modules" firmware, implementing new features, maintaining compatibility with the latest telecommunication and industry standards, as well as analyzing and estimating customer requirements. Key Responsibilities: - Lead the implementation of the ISO 27001/27701 standard across the organization, including scoping, planning, and executing ISMS initiatives. - Develop and maintain project plans, timelines, and deliverables for successful ISO 27001/27701 requirements implementation. - Conduct comprehensive risk assessments to identify information security risks and vulnerabilities. - Develop risk treatment plans and controls to mitigate identified risks in alignment with ISO 27001/27701 guidelines. - Develop, review, and update information security policies, procedures, and guidelines to comply with ISO 27001/27701 standards. - Ensure effective communication of policies and procedures to all employees and stakeholders. - Develop and deliver training programs on information security policies, procedures, and best practices. - Promote awareness of information security requirements and responsibilities throughout the organization. - Plan and conduct internal audits of the ISMS to assess compliance with ISO 27001/27701 standards and organizational policies. - Monitor and track corrective and preventive actions (CAPAs) to address audit findings and improve ISMS effectiveness. - Maintain documentation of ISMS activities, including risk assessments, policies, procedures, audit reports, and compliance records. - Prepare regular reports and presentations for senior management on the status of ISMS implementation, compliance, and improvement initiatives. Qualifications Required: - Bachelor's degree in Information Technology, Computer Science, Business Administration, or a related field. Advanced degree (e.g., MBA, Master of Information Security) preferred. - Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or ISO 27001 Lead Auditor/Implementer certification required. - Minimum of 8+ years of experience in implementing and managing Information Security Management Systems (ISMS) based on ISO 27001/27701 standards. - Strong understanding of ISO 27001/27701 requirements, controls, and implementation best practices. - Experience in conducting risk assessments, developing information security policies, and managing compliance initiatives. - Excellent project management skills with the ability to prioritize tasks, manage timelines, and lead cross-functional teams.,