GRC - Governance, Risk Compliance, Information Security

8.0 - 10.0 years

25.0 - 0.0 Lacs P.A.

Mumbai, Maharashtra

Posted: 5 days ago

Skills Required

Management, Computer Science, Data analysis skills, Project management, Bachelor's degree, Team management, SharePoint, In-person, Communication skills

Work Mode

Remote

Job Type

Full Time

Job Description

Job Title: Governance, Risk Compliance (GRC), Information Security
Location: Mumbai
Qualification: Bachelor's degree in Information Security, Computer Science, or a related field. The following certifications would be an added advantage: CISA, ISO27001, ISO22301, CISSP.
Experience: Senior Manager/AGM - 8 to 10 years. Proven track record in risk assessment, policy development and compliance management.

Role and Responsibilities:

1. Governance: Develop, review and update information security policies, procedures and frameworks to align with industry best practices and regulatory requirements. Ensure the integration of security governance into the overall enterprise risk management framework.

2. Risk Management: Conduct comprehensive risk assessments, including identifying threats, vulnerabilities and potential impacts. Develop and implement risk management strategies, including risk acceptance, mitigation, and transfer. Monitor and evaluate the effectiveness of risk management controls and adjust strategies as necessary.

3. Compliance: Ensure compliance with regulatory requirements such as SEBI, CERT-In, NCIIPC, etc. and industry standards including ISO 27001, NIST, etc. Manage and coordinate internal and external audits, including preparation of documentation, scheduling, and follow-up on audit findings. Support interaction with regulatory bodies and external agencies that could be helpful in replying to queries, notices and data demands from organizations such as CERT-In, SEBI and NCIIPC. Prepare/collect data for SCOT/Board meetings.

4. Incident Management: Develop and maintain incident response plans, including procedures for identification, containment, eradication, and recovery. Assist with the investigation and resolution of security incidents and breaches. Conduct root cause analysis and develop recommendations to prevent recurrence.

5. Training and Awareness: Design and implement security awareness training programs for employees at all levels. Conduct periodic security training sessions and workshops. Assess the effectiveness of training programs and make improvements based on feedback and incident trends.

6. Reporting and Documentation: Prepare detailed reports on the status of information security governance, risk management and compliance activities. Document and track issues, findings and remediation efforts. Provide regular updates to senior management and stakeholders on security posture and compliance status. Prepare and maintain risk registers. Prepare ISO27001 & ISO22301 related documentation.

7. Policy and Procedure Management: Develop and manage the life cycle of security policies and procedures, including review cycles and approval processes. Ensure all documentation is current, accurate and accessible to relevant stakeholders.

8. Audit Management: Stakeholder management, including interaction with Business Heads and IT Leaders to provide information on various IT-related risks, audit findings, implementation, governance and regulatory compliance aspects. Work closely with external IS Auditors/Vendors for scheduling, monitoring and closing IT and IS related issues in a timely manner.

Skills: Strong oral and written communication, analytical and problem-solving skills, as well as excellent judgment on data analysis. Superior organizing skills along with time and team management. Experience of project management using MS Project or other tools. Ability to effectively use collaboration tools like SharePoint, Teams etc. for optimum execution & control.

Job Types: Full-time, Permanent
Pay: Up to ₹2,500,000.00 per year
Benefits: Health insurance, Paid sick time, Paid time off, Provident Fund, Work from home
Schedule: Day shift, Fixed shift, Monday to Friday
Work Location: In person

My Corporate Jobs