ISMS Governance & Compliance

5 - 8 years

0 Lacs

Posted: 2 days ago | Platform: LinkedIn

Work Mode

On-site

Job Type

Full Time

Job Description

5 to 8 years

3-4 years of experience in GRC domain

12 to 15 LPA Budget

Immediate to 60 days

Governance, Compliance & ISMS Specialist

Job Description:

Responsibilities:

Governance:

  • Develop and implement robust governance frameworks to ensure effective decision-making processes and adherence to organizational policies.
  • Collaborate with stakeholders to establish governance structures that align with industry best practices.

Compliance Management:

  • Monitor and ensure compliance with relevant laws, regulations, and industry standards.
  • Conduct regular audits to assess compliance levels and implement corrective actions as needed.

ISMS (Information Security Management System):

  • Design, implement, and manage the Information Security Management System (ISMS) in accordance with ISO 27001 standards.
  • Oversee the development and maintenance of security policies, procedures, and documentation.

Risk Management:

  • Identify, assess, and prioritize risks related to governance, compliance, and information security.
  • Implement risk mitigation strategies and work with stakeholders to create a risk-aware culture.

Policy Development:

  • Develop and review governance, compliance, and information security policies, ensuring they align with organizational goals and industry standards.
  • Communicate policy changes and updates to relevant stakeholders.

Training and Awareness:

  • Conduct training sessions and awareness programs on governance, compliance, and information security for employees at all levels.
  • Foster a culture of compliance and security awareness within the organization.

Incident Response:

  • Develop and maintain an incident response plan for governance, compliance, and information security incidents.
  • Coordinate and lead incident response efforts, ensuring timely resolution and reporting.

Reporting:

  • Prepare and deliver regular reports to management on governance, compliance, and ISMS metrics, highlighting areas of improvement and adherence levels.

Vendor Management:

  • Assess and manage third-party vendor compliance with governance and information security requirements.


Identity Access Management:

  • Collaborate with cross-functional teams to design and implement role-based access control (RBAC) and least privilege access models.
  • Conduct regular access reviews and audits to ensure compliance with regulatory standards and internal policies.

Privileged Access Management:

  • Develop, implement, and maintain privileged access management (PAM) policies, procedures, and standards to safeguard critical systems and data from unauthorized access.
  • Collaborate with IT teams to identify and assess privileged accounts, including conducting access reviews and audits to mitigate security risks.
  • Develop and maintain documentation, guidelines, and training materials to educate stakeholders on PAM policies, procedures, and best practices.
  • Establish and maintain effective relationships with vendors to ensure compliance standards are met.

Requirements:

Education:

Bachelor's degree in Information Technology, Computer Science or a related field. Relevant certifications (e.g., CISA, CISSP, ISO 27001 Lead Implementer) are advantageous.

Experience:

  • Proven experience in governance, compliance, identity access, information security management and roles.
  • Familiarity with international standards and frameworks related to governance and information security, including but not limited to ISO 27001:2022, NIST, COBIT, etc.

Communication Skills:

Excellent written and verbal communication skills to effectively convey complex governance, compliance, and security concepts to various stakeholders.

Analytical Abilities:

Strong analytical and problem-solving skills to assess and address governance, compliance, and security risks.

Project Management:

Experience in managing projects related to governance, compliance, and information security initiatives.

Team Collaboration:

Ability to collaborate effectively with cross-functional teams, including legal, IT, and risk management.

Continuous Learning:

Commitment to staying updated on emerging trends, best practices, and changes in governance, compliance, and information security.
