10.0 - 12.0 years
10 - 12 Lacs
Pune, Maharashtra, India
On-site
What You'll Do: Practice Leadership: Define and execute the overall strategy for the GRC practice. Identify and develop new service offerings to meet evolving client needs. Establish and maintain strong relationships with key technology partners. Stay abreast of industry trends and emerging security threats. Solution Development & Delivery: Lead the development of comprehensive GRC Security solutions tailored to client requirements. Oversee the implementation and management of security services, Privacy Assessment, Audits, Third Party Risk Management. Familiarity with compliance & security standards across the enterprise IT landscape. Knowledge of compliances (PCI DSS, SOX etc.) and IS standards (ISO 27001, BS25999, ISO 2700X, OWASP, CIS, etc). Develop and maintain comprehensive service documentation and operational procedures. RFP Response & Pre-Sales: Lead the technical response to RFPs and RFIs, crafting compelling solutions that address client security challenges, collaborate with sales teams to develop winning proposals and presentations. Provide expert security guidance during client meetings and presentations. Client Relationship Management: Build and maintain strong relationships with clients, conduct regular service reviews and provide proactive security recommendations. Act as a trusted advisor to clients on security matters. Expertise You'll Bring: Bachelor's degree in Business, Computer Science, Information Technology, or related field. Master's degree preferred. Minimum of 10 years of experience in GRC, including experience in practice building. Extensive knowledge of GRC frameworks, standards, and best practices, such as ISO 27001, NIST Cybersecurity Framework, and COBIT. Hands-on experience with GRC tools and platforms, such as RSA Archer, ServiceNow GRC, or similar solutions. Strong understanding of risk management principles and methodologies. Experience with regulatory compliance requirements, such as GDPR, HIPAA, PCI DSS, and SOX.
Excellent communication and leadership skills, with the ability to effectively lead and mentor a team. Relevant certifications such as CRISC, CISA, CISSP, or GRC-related certifications are a plus.
Posted 1 day ago
5.0 - 9.0 years
0 Lacs
karnataka
On-site
As a Cybersecurity Analyst II - GRC at AGCO, you will play a crucial role in addressing some of the world's most pressing challenges related to cybersecurity. Your primary responsibilities will involve developing and maintaining relationships with various teams within the enterprise to influence and achieve cybersecurity objectives related to governance, risk, and compliance. By leveraging best practices, you will lead risk activities across product, enterprise, and manufacturing teams, ensuring compliance with policies and standards while staying informed about the latest regulatory trends. Your expertise will be pivotal in serving as a subject-matter expert in governance, risk, and compliance, guiding teams through threat modeling exercises and risk analysis using industry-leading practices. Key Responsibilities: - Maintain an active crosswalk mapping between all policies and standards and cybersecurity frameworks like NIST CSF and ISO 21434. - Define threat modeling strategies and lead teams in executing them across different sectors within the enterprise. - Act as an independent voice for the GRC team, contributing to innovative risk analysis efforts across projects. - Conduct regular risk register reviews, follow up on identified risks, and escalate high-risk areas appropriately. - Assist in defining the annual program calendar for all GRC activities, including compliance audits and risk reviews. - Develop standards and control checks to ensure compliance with policies and standards across teams and projects. Qualifications: - Bachelor's degree with at least 7 years of industry experience in information technology or GRC roles, with a minimum of 5 years of relevant experience. - Experience in developing or maintaining cybersecurity policies, risk management frameworks, and working in enterprise, cloud computing, product security, or manufacturing security. - Familiarity with cybersecurity frameworks such as NIST, ISO standards, and various risk methodologies. 
- Ability to evaluate cybersecurity risk and business value across different scenarios, with a willingness to learn new technologies quickly. - Comfortable working in a fast-paced, global organization with dispersed teams. Preferred Qualifications: - Experience in Agile, Scrum, or SAFe environments. - Relevant cybersecurity or risk management certifications like CRISC, CISSP, GTSRT. - Proficiency in working with GRC tools, managing policy documentation, and assessing cybersecurity risk. - Familiarity with the agriculture or manufacturing industry. At AGCO, we value diversity, inclusion, and innovation, and we are committed to providing a positive workplace culture where every individual can thrive. Join us in shaping the future of agriculture and contribute to making a positive impact on the world. Apply now and be part of our dynamic team! Please note that this job description may not encompass all duties, responsibilities, or benefits associated with the role and is subject to change as needed. AGCO is an Equal Opportunity Employer.
Posted 3 days ago
5.0 - 9.0 years
0 Lacs
karnataka
On-site
Exide Energy Solutions Limited (EESL) is a rapidly growing company dedicated to addressing social issues related to energy, environment, and resources by manufacturing lithium-ion battery products. EESL is currently establishing India's first Giga plant for manufacturing Lithium Ion Cells in Bengaluru. We are seeking a Senior Manager - SAP COE to join our Manufacturing organization in Devanahalli, Bangalore. As the SAP Lead, you will be the main point of contact and coordinator for all SAP-related initiatives, collaborating closely with the SAP Center of Excellence (COE) team, external vendors, partners, and internal business teams. Your responsibilities will include gathering and analyzing detailed business requirements, translating them into effective SAP solutions, and ensuring alignment with organizational goals. You will oversee the end-to-end testing process, evaluate alternative approaches to optimize system performance, and validate results to guarantee the accuracy and effectiveness of SAP implementations. In addition to your technical duties, you will play a key role in facilitating communication and collaboration among stakeholders to drive successful project delivery, continuous improvement, and operational excellence within the SAP landscape. Key Roles & Responsibilities: - Lead the roll-out and implementation of new business applications and functionalities within SAP MM, PP, PS, SD, FICO, and QM modules. - Ensure successful SAP implementation by providing functional expertise, guidance, presentations, and instructions on SAP products to clients. - Collaborate with the SAP Run Team to prioritize, test, and deploy system change requests or provide support. - Design and implement core functionalities of SAP MM, including screen controls. - Assist in SAP SD, MM, and FICO modules implementation and support for clients. - Participate in SAP technical and functional rollouts at the group level. 
- Gather requirements, design, implement, and support SAP Materials Management to enhance clients' business functionality and performance. - Configure the SAP system in the MM areas to meet the requirements collected during blueprinting work sessions. Mandatory Skills: - Strong presentation and facilitation skills. - In-depth ERP knowledge in at least two modules on a process, data structure, and architectural level, with a focus on SD, MM, and FICO. - Excellent interpersonal skills and the ability to communicate effectively with internal and external customers to understand specific data needs and translate them into comprehensive solutions. - Minimum of 5 years of experience in full project lifecycle implementations. - Experience in Greenfield SAP Rollout at the Plant level. - Exposure to Carve out/Carve in scenarios and SAP GRC Tools. - Integration experience with MES and WMS. Desired Skills: - Advisory experience with senior leadership and senior IT staff on IT applications design, configuration, and testing of SD, MM processes in Semiconductor, Manufacturing, and shared services industries. Education: - B.E/B.Tech with 10-20 years of relevant experience.
Posted 6 days ago
5.0 - 9.0 years
0 Lacs
karnataka
On-site
The role is to support the development and maintenance of robust control frameworks and a unified Technology & Cyber Security Control library. You will help implement process control monitoring capabilities to coordinate control execution across Engineering and contribute to driving a positive risk culture within Engineering by implementing processes for control efficiency demonstration. This role requires organized, methodical thinking with strong attention to detail for creating control test plans and documentation. Your responsibilities will include: - Maintaining and regularly updating the centralized Technology & Cyber Security control library, ensuring controls align with industry frameworks (NIST, ISO, COBIT) and regulatory requirements (e.g. DORA). You will help translate complex framework/regulatory requirements into clear, actionable controls. - Conducting Tests of Design Assurance and Operating Effectiveness Assurance for key controls at both group and divisional levels, providing critical support for Group Engineering, Risk & Control Assessments. Documenting test results and identifying areas for improvement. - Establishing and overseeing processes to ensure control evidence is properly documented, stored, and accessible at required frequencies. Creating standardized templates for evidence collection to improve consistency. Reviewing monitoring results for completeness and accuracy, driving corrective actions as needed. - Planning and coordinating periodic independent assurance activities with internal audit teams and external assessors, preparing documentation and facilitating access to evidence. - Implementing, tracking, and analyzing Key Control Indicators (KCIs) aligned to the control library, helping to identify trends and potential weaknesses before they impact operations. - Maintaining detailed control performance dashboards and metrics that clearly communicate control status to various partners, from technical teams to executive leadership. 
Performing sample-based testing of control operating efficiency. - Identifying thematic control weaknesses and collaborating with control/process owners to develop and implement effective remediation strategies with clear timelines and accountability. Representing Engineering in risk discussions with internal team members. - Leading a team of GRC analysts, providing mentorship, technical guidance, and career development opportunities while ensuring high-quality results. Qualifications: - Relevant degree in IT, Cybersecurity, or Risk Management (Desirable). - 5+ years of experience in technology controls or compliance. - Strong knowledge of control frameworks (NIST, ISO, COBIT). - Demonstrable knowledge of key controls across Technology process areas (e.g. incident, change, capacity management). - Experience in control implementation across Technology process areas. - Experience in control testing and evidence validation. - Proven team management and project delivery skills. - Excellent analytical, communication abilities, and presentation skills. - Experience with GRC tools and control automation. About Us: LSEG (London Stock Exchange Group) is a diversified global financial markets infrastructure and data business dedicated to excellence in delivering services to customers. With extensive experience and deep knowledge across financial markets, we enable businesses and economies worldwide to fund innovation, handle risk, and build jobs. LSEG values integrity, partnership, excellence, and change, guiding our decision-making and actions every day. We are committed to sustainability and driving sustainable economic growth.
Posted 1 week ago
5.0 - 9.0 years
0 Lacs
hyderabad, telangana
On-site
You will be joining our team as an SAP Authorization Expert at SSC India. Your primary responsibility will be to create and implement authorization concepts across SAP ERP 6.0 and S/4 HANA systems. You must have a strong background in customizing PFCG roles and ensuring seamless integration with other SAP modules. Your role will also involve maintaining compliance with regulations, policies, and standards, as well as providing user support and collaborating with stakeholders for successful project outcomes. Key Responsibilities: - Design and implement authorization concepts for SAP ERP 6.0 and S/4 HANA systems. - Customize and maintain PFCG roles to align with organizational needs. - Integrate authorization concepts with other SAP modules and systems. - Ensure compliance with internal and external regulations, policies, and standards. - Provide user support for authorization-related topics and address issues based on root cause analysis. - Collaborate with business stakeholders to translate requirements into SAP solutions. - Identify opportunities for process improvements and system enhancements. Qualifications: - Education: Bachelor's degree in Finance, Business Administration, Informatics, Engineering, or related field. - Experience: 5-7 years of experience in SAP authorization and access management. - Skills: Strong knowledge in authorization and access management, proficiency in customizing PFCG roles, excellent problem-solving skills. - Communication: Excellent communication skills to interact with clients and stakeholders for understanding security requirements and providing solutions.
Posted 1 week ago
12.0 - 18.0 years
0 Lacs
pune, maharashtra
On-site
The Head of Management Assurance at STL will play a crucial role in enhancing the organization's risk management, internal controls, and governance frameworks. This position requires a strategic leader who can oversee audit programs, proactively identify and address business risks, and ensure compliance and process integrity across various functions such as manufacturing, commercial, and corporate operations. Responsibilities include developing and executing the Annual Audit Plan based on business risk priorities, aligning internal audit activities with the overall business strategy, identifying emerging risks and operational inefficiencies, recommending and monitoring control enhancements, ensuring adherence to internal policies and external regulations, and promoting operational efficiency and value creation through process improvements and the adoption of digital audit tools. The ideal candidate should hold a Chartered Accountant (CA) or Certified Internal Auditor (CIA) qualification, with additional certifications like CISA, CPA, or an MBA in Finance/Risk being advantageous. They should have at least 12-18 years of experience in internal audit, risk, or assurance functions, including a minimum of 5 years in a leadership role. Exposure to manufacturing, engineering, or technology-driven industries is preferred, and experience in a listed or global enterprise is desirable. Key competencies for this role include a strong understanding of internal controls, risk frameworks, and regulatory environments, proficiency in IT and application tools such as SAP, GRC tools, and data analytics, excellent executive-level communication and influencing skills, high integrity, objectivity, and business acumen, analytical thinking with a problem-solving orientation, and the ability to handle confidential matters and high-stakes business scenarios with maturity.
Posted 2 weeks ago
8.0 - 13.0 years
20 - 30 Lacs
Chennai
Work from Office
Role & responsibilities: Develop, implement, and maintain the enterprise-wide Risk Governance Framework aligned with regulatory and business needs Ensure regulatory compliance with NHB, RBI, and other applicable risk-related requirements Facilitate Risk Appetite Framework implementation and alignment with business strategy Promote risk awareness and a culture of accountability across the organization through training and communication Coordinate the periodic review and update of risk policies and procedures across all risk types Act as liaison for internal and external audits, inspections, and regulatory queries related to risk governance Preferred candidate profile: Exposure to affordable housing finance or retail lending in low-income segments Certification in risk or governance frameworks (e.g., FRM, IRM, GRC) Familiarity with enterprise GRC tools or risk documentation systems Eligibility 7+ years of experience in risk governance, enterprise risk management, compliance, or audit roles in lending/financial services Strong understanding of risk policies, governance frameworks, and regulatory guidelines (especially NHB/RBI) Excellent organizational and documentation skills, with an eye for detail Proficient in preparing management-level presentations, committee packs, and risk reports Strong interpersonal and stakeholder management skills
Posted 2 weeks ago
5.0 - 9.0 years
5 - 7 Lacs
Mumbai, Navi Mumbai
Work from Office
Implement security strategy, policies & controls. Oversee risk, vendor security, BCDR, vulnerability remediation & AppSec. Drive compliance, training, audits, and continuous improvement. GRC tool expertise, ISO27001 Implementer/Auditor, CGRC/BCMS preferred.
Posted 2 weeks ago
8.0 - 12.0 years
0 Lacs
chennai, tamil nadu
On-site
As a Security Architect & Engineer, you will play a crucial role in designing secure architectures, implementing effective security controls, and supporting security operations across IT and cloud environments. Your responsibilities will involve creating long-term security strategies aligned with business goals, evaluating security technologies, and ensuring compliance with regulatory requirements. In the realm of Security Architecture, you will be tasked with designing secure and scalable architectures that seamlessly integrate with existing IT systems. Your role will also involve recommending security technologies, frameworks, and practices across IT, OT, and cloud environments. Implementing access control and identity management measures will be essential, including least privilege, RBAC, MFA, and SSO controls. In terms of Security Engineering, you will apply secure configuration baselines and automation across operating systems, databases, and cloud environments. Supporting security and vulnerability assessments, assisting in patch implementations, and promoting infrastructure-as-code and DevSecOps practices will also fall under your purview. Your involvement in Security Operations will require collaboration with SOC and IT teams to detect, investigate, and respond to security incidents. To enhance security measures, you will support threat hunting, root cause analysis, and the evolution of incident response and disaster recovery plans. Regarding Risk, Compliance & Governance, you will be responsible for identifying and mitigating security risks associated with IT systems. Developing security policies, conducting risk assessments, ensuring compliance with frameworks and regulations, and providing security input into vendor assessments will be crucial aspects of your role. In terms of Collaboration & Communication, you will act as a trusted advisor to internal teams on security best practices and secure solution design. 
Your ability to translate complex security topics into actionable guidance for technical and business stakeholders will be paramount. To qualify for this role, you should hold a Bachelor's degree in Information Security, Computer Science, or a related field, along with 8-12 years of cybersecurity experience. Strong knowledge of cloud security services, regulatory compliance requirements, IAM concepts, and relevant certifications are required. Additionally, experience with SIEM, EDR, vulnerability scanners, and cloud-native controls is essential. While not mandatory, advanced knowledge in cloud security architecture, experience with automation tools, and relevant certifications like CISSP, CISM, or CEH would be advantageous. This position may offer remote work options and will involve collaboration with diverse teams in a dynamic environment, providing you with the opportunity to contribute to critical security initiatives.
Posted 2 weeks ago
12.0 - 18.0 years
0 Lacs
pune, maharashtra
On-site
The Head Management Assurance position at STL involves enhancing the company's risk management, internal controls, and governance frameworks. This role is crucial in providing strategic guidance for audit programs, actively identifying and addressing business risks, and ensuring process integrity and compliance across various functions within the organization. As the Head Management Assurance, you will be required to possess a forward-thinking approach and a strong business acumen. Acting as a trusted advisor to senior leadership is essential to foster a culture of transparency, operational excellence, and sustainable growth within the company. Your responsibilities will include leading the development and implementation of the Annual Audit Plan in alignment with business risk priorities. You will be tasked with identifying potential business risks, process vulnerabilities, and operational inefficiencies, and recommending appropriate mitigation strategies and control enhancements across different business units. Collaborating with functional heads to instill a risk-aware culture in decision-making processes will be a key aspect of this role. Ensuring adherence to internal policies, external regulations, and industry standards such as SEBI, SOX, and ISO will also be part of your responsibilities. Conducting compliance audits and supporting investigations of whistleblower complaints or fraud alerts will be crucial in maintaining governance and compliance standards. Moreover, you will be expected to provide insights that drive operational efficiency, cost optimization, and process improvements. Encouraging the adoption of data analytics, automation, and digital audit tools to facilitate agile assurance delivery will be vital for operational excellence and value creation within the organization. As the Head Management Assurance, you will be responsible for preparing audit reports with actionable insights and presenting findings to the Executive Committee. 
Collaboration with statutory auditors, external consultants, and the group internal audit team may also be necessary. The ideal candidate for this position should hold a Chartered Accountant (CA) or Certified Internal Auditor (CIA) qualification. Additional certifications such as CISA, CPA, or MBA in Finance/Risk would be advantageous. A minimum of 12-18 years of experience in internal audit, risk, or assurance functions, with at least 5 years in a leadership role, is required. Exposure to manufacturing, engineering, or technology-driven industries is preferred, and experience in a listed or global enterprise would be desirable. Key competencies for this role include a strong understanding of internal controls, risk frameworks, and regulatory environments. Proficiency in IT and applications such as SAP, GRC tools, and data analytics is essential. Excellent executive-level communication and influencing skills, along with high integrity, objectivity, and business acumen, are crucial. Analytical thinking, problem-solving abilities, and the capacity to handle confidential matters and high-stakes business scenarios with maturity are also key attributes for success in this role.
Posted 2 weeks ago
3.0 - 8.0 years
5 - 12 Lacs
Chandigarh
Work from Office
We are seeking a GRC Consultant to support risk assessments, compliance audits (ISO 27001, SOC 2, GDPR), and policy development. The candidate will have strong knowledge of regulatory frameworks, risk management, and hands-on experience with GRC tools.
Posted 3 weeks ago
1.0 - 3.0 years
3 - 11 Lacs
Hyderabad / Secunderabad, Telangana, India
On-site
Risk Identification and Assessment: Conduct risk assessments to identify vulnerabilities in IT systems, processes, and policies. Assist in the identification and evaluation of risks associated with third-party vendors and partners. Maintain the IT risk register, documenting risks, issues, and remediation actions. Risk Mitigation and Monitoring: Recommend risk mitigation strategies and implement risk management controls across IT infrastructure. Collaborate with IT, cybersecurity, and business teams to track and resolve identified risks and vulnerabilities. Monitor and report on the effectiveness of existing IT risk controls and recommend enhancements as needed. Compliance and Regulatory Support: Ensure compliance with relevant industry standards and regulatory requirements (e.g., GDPR, SOX, PCI-DSS, NIST). Assist in the preparation for audits by internal and external parties, providing documentation and evidence of IT risk management practices. Support the development and implementation of IT governance, risk, and compliance frameworks. Vendor Risk Management: Conduct vendor risk assessments, ensuring third-party services and products align with internal risk and security policies. Regularly review vendor performance and risk exposure, working with procurement and legal teams as necessary. What we expect of you We are all different, yet we all use our unique contributions to serve patients. Basic Qualifications Education: Bachelor's degree in information technology, Cybersecurity, Risk Management, or a related field. Certifications such as CRISC (Certified in Risk and Information Systems Control), CISA (Certified Information Systems Auditor), or CISSP (Certified Information Systems Security Professional) are highly desirable. Experience: 2 - 4 years of experience in IT risk management, IT auditing, or information security. Hands-on experience with risk management tools and frameworks (e.g., ISO 27001, NIST, COBIT).
Skills and Competencies: Solid understanding of IT infrastructure, systems, and security standard processes. Ability to assess technical and business risk related to information systems. Excellent problem-solving, analytical, and communication skills. Ability to communicate complex risk concepts to non-technical collaborators. Ability to assess and interpret security-related clauses in third-party contracts, such as Security Requirements Schedules (SRS). Familiarity with regulatory frameworks and compliance standards (e.g., GDPR, HIPAA, SOX, PCI-DSS). Technical Knowledge: Proficiency with risk management tools, GRC (Governance, Risk, and Compliance) software, and security incident management tools. Experience with security controls related to networks, databases, and cloud environments. Soft Skills: Excellent analytical and fixing skills. Strong verbal and written communication skills. Ability to work effectively with global, virtual teams. High degree of initiative and self-motivation. Ability to manage multiple priorities. Team oriented, with a focus on achieving team goals. Strong presentation and public speaking skills. Collaboration with distributed team.
Posted 1 month ago
4.0 - 7.0 years
4 - 7 Lacs
Hyderabad / Secunderabad, Telangana, India
On-site
What you will do Let's do this. Let's change the world. In this vital role you will be part of the Governance, Risk and Compliance (GRC) team within Cybersecurity and Digital Trust (CDT). This team is part of Amgen's technology team. In this position you are responsible for enabling Information Technology Sarbanes-Oxley (SOX) Compliance. You are required to collaborate with the IT SOX Compliance Manager, service owners, engineers, and other Amgen internal partners such as Finance, Compliance, Corporate Audit and Law department to develop, maintain, and improve Amgen's Information Compliance. Roles & Responsibilities: You will bring forth out of the box thinking, an agile approach and domain expertise and highly developed understanding of IS controls to empower IS process and product owners to build and maintain IT controls and solutions with compliance, by design. You will perform the following activities, and any additional tasks required to attest that our systems, applications and infrastructures subjected to different aspects of compliance are able to verify adherence efficiently and effectively.
Own and run the ITGC SOX Controls Management and Compliance function Deep understanding of industry standard regulatory compliance frameworks Exceptional interpersonal skills, soft skills and presentation skills Prior experience in working with and presenting to external auditors Experience working with regulatory tools and applications Coordinate, collaborate, and communicate with IT personnel across the organization, audit committee and regulatory compliance teams to ensure that our IS SOX process is followed as required by our organization Ability to demonstrate solid sense of ownership, detail orientation, keen focus on quality and setting clear expectations In charge of working with process owners, internal, and external auditors in support of our quarterly certification process Collaborate and support any SOX evidence request efforts made by Internal and External Audit teams Develop and promote educational mentorship resources that will help facilitate new owners understanding of the Sarbanes-Oxley Act and their responsibilities Review documentation to identify control gaps Create and author documentation and training materials Participate in walkthroughs with system, service, and process owners Review and analyze SOX systems and applications showing in Configuration Management Database (CMDB) for SOX applicability and ensure all components are collected and accounted for Deep understanding of IT infrastructure and hands on experience in Information Technology Infrastructure Library (ITIL) and System Development Life Cycle (SDLC) Assess the risks of IT audit findings, identify mitigating controls and incorporate in IT process framework continual improvement Map regulatory requirements across functions to identify compliance and audit response efficiencies while liaising with internal auditors and IT service owners to ensure information assurance processes are mature, and outcomes are effective by appropriately addressing and raising relevant risks to policy 
and regulatory compliance Maintain awareness of changing technology environments, implementation methodologies and frameworks used to support responsible functions (e.g., AI, machine learning, Dev Ops, etc.) Ensure quality of work and timeliness across different functional deliverables and take ownership of issues and coordinate through to completion What we expect of you We are all different, yet we all use our unique contributions to serve patients. Basic Qualifications: Master's degree with 4 to 6 years in Information Technology or Cybersecurity OR Bachelor's degree with 6 to 8 years experience in regulatory compliance and auditing Functional Skills: Must-Have Skills: 4+ years of IT audit, Information Technology / Security control assurance or enterprise IT compliance experience Working knowledge of Information Governance principles and Information Security principles: confidentiality, integrity, and availability Knowledge of international standards for Information Technology and Information Governance Experience working with various technologies, IT frameworks and methodologies Proven ability to understand the concepts of new cloud technologies and other paradigms such as emerging Big Data technologies, lean methodologies to propose appropriate controls and compliance mentorship Strong written and verbal communication, including the ability to explain technical matters to a non-technical audience Possess strong organizational and collaboration skills Working in large / global corporate environments involving multiple businesses Good-to-Have Skills: 3+ years of experience within health, biotechnology/pharma or other regulated industries Experience working in Agile and/or DevOps teams (SCRUM) Working experience with Governance, Risk and Compliance (GRC) tools.
Exceptional teamwork encompassing multi-functional teams, peer relationships, informing, understanding and appreciating differences Strong ability to convey and influence complex information compliance, risk and security issues in a manner that is easily understood and actionable Ability to effectively facilitate and inspire change within the organization. Developing / delivering presentations to large audiences and at all levels within the organization Professional Certifications: Certified Information Systems Auditor (CISA) Certified Information Security Manager (CISM) Certified Information Systems Security Professional (CISSP) SANS Global Information Assurance Certifications (GIAC) Soft Skills: Good communication and collaboration skills, particularly when working with global teams. Ability to manage and prioritize tasks effectively in a high-pressure environment. Critical thinking and problem-solving abilities, especially in incident response situations. A commitment to continuous learning and knowledge sharing.
Posted 2 months ago
8.0 - 13.0 years
8 - 13 Lacs
Bengaluru / Bangalore, Karnataka, India
On-site
Overview The Cybersecurity Governance, Risk, Compliance (GRC) Senior Analyst position is responsible for managing risks related to information security, privacy, governance, vendor security assurance, policy, and compliance. Contributes to preserving the high standards of confidentiality, integrity, and availability of EagleView mission-critical information. Conducts Cybersecurity risk assessments, evaluates controls, and provides feedback to management and process owners on the design and effectiveness of control processes. Implements and maintains on-going programs and processes to test the design and operational effectiveness of security controls. Responsible for ensuring IT assurance and compliance related activities are completed in accordance with industry standards and regulatory requirements. The position reports to the Manager, GRC, and is responsible for executing the key functions of information risk management, security compliance, governance, and information security assurance. Primary Responsibilities In these roles, you are part analyst, engineer, and advisor. You have the ability to ramp up quickly into a solid, productive member of the Security GRC team. You are organized and have the ability to innovate and automate as we continually look to improve our processes and tools. You may own process areas, projects, or technologies for governance, risk and compliance purposes. You create and maintain relationships with business and technical experts through the company who provide expertise in security requirements and solution management. You are expected to work independently while still asking for help on some areas. You are a bridge builder helping to coordinate and bring together various parts of the organization around a common process through the use of tools, and communications channels. Ensure compliance with laws, regulations, and industry standards, and compliance programs (e.g. 
SOC2, PCI, ISO 27001, NIST 800-X) Create processes to support effective risk identification, evaluation, communication, and remediation Participate in Risk Management Committee meetings Work with risk owners to develop plans of action to reduce or mitigate risks Analyze security controls for effectiveness of design by evaluation of control documentation and process Analyze security controls for operational effectiveness by evaluation of control evidence Contribute to corporate information risk management strategy, policies, standards, and tactical plans Contribute to a comprehensive internal security audit program that validates existing security controls Contribute to the company-wide security awareness program and compliance training Coordinate annual enterprise risk assessment and PCI self-assessment activities Ensure all systems, processes, and changes are formally documented Work closely with internal and external auditors, regulators, and examiners, including coordination and compilation of technology documentation requests, reports, and assurance letters to ensure security compliance Maintain the Risk Register and support processes to define and measure risks, then plan risk responses with company leadership Ability to work collaboratively with internal and external departments, vendors, and other key stakeholders Skills/Requirements Required Knowledge, Skills and Experience: Bachelor's degree in a technology or business-related field (BSc or BBA preferred) 8 years overall experience in Information Security, Risk Management, or IT audit 5 years of hands-on experience supporting one or more of the following programs: Risk Management Vendor Risk Management Security Audits and Compliance (especially SOC2) Vulnerability Management Understanding of controls and risks sufficient to identify and evaluate control effectiveness and identify gaps between risks and controls Working knowledge of business and risk assessment methodologies/mitigation strategies using 
industry standards (e.g., COBIT, ITIL, ISO 27001:2013, NIST, OWASP, etc.) Very high attention to detail, with strong skills in managing/presenting data and information Very strong skills in documentation, including policies, standards, processes and procedures Ability to work independently and productively without constant supervision Critical thinking and analytical ability Excellent verbal and written communication skills Preferred Knowledge, Skills and Experience: Certification such as SANS GIAC, CISA, or CISSP preferred Previous experience in a software development company is preferred Experience using a GRC management platform (e.g. Archer, ZenGRC, etc.)
Posted 2 months ago
1 - 3 years
7 - 10 Lacs
Bengaluru
Hybrid
Role & responsibilities Experience in implementing solutions in Compliance, Legal Department, driving ABAC-related engagements Educational Qualification: Graduation/Post-Graduation in Law OR qualified Chartered Accountant/Company Secretary Skills Required: Driving GRC engagements and implementing controls for compliance requirements Conduct periodic Anti-Bribery Anti-Corruption (ABAC) checks, defining and implementing system controls and monitoring the program for continual improvements. Perform inter-departmental reviews with key stakeholders to verify compliance with applicable Anti-Bribery Anti-Corruption (ABAC) legislation. Should have worked on at least 1 GRC tool Doing risk assessment across departments and communicating with stakeholders Should have good knowledge of Excel and Word applications and should be able to build quality presentations to leadership. Build and provide status reporting to leadership Good communication and presentation skills Preferred candidate profile Good to Have: Having a high-level understanding of the Order to Cash process Program management experience Should have good aptitude and understand the changing landscape of compliance
Posted 2 months ago