8 - 13 years
18 - 33 Lacs
Hyderabad
Posted: 2 months ago
Work from Office
Full Time
Title: Manager - Risk & Compliance
Band/Designation: Manager
Job Location: Madhapur, Hyderabad (work from office only). Candidates looking for remote working or not comfortable with the job location need not apply.

Summary:
- Maintain the Information Security Management System (ISMS) as per standard ISO 27001/2.
- Ensure that the company's IT & Cyber Security infrastructure complies with internal policies and with regulatory and legal requirements.
- Facilitate the external audit and 3rd party audit.

Responsibilities:
1. Maintain the ISO 27001 Certification.
2. Ensure the company's risk register is updated.
3. Based on ISMS monitoring results, evaluate and recommend IS policy changes and new information security countermeasures.
4. Continuously validate the organization against policies/guidelines/procedures/regulations/laws to ensure compliance.
5. Create and maintain the Policies and Processes. Review the Process, SOP, blueprint, and guideline documents.
6. Develop methods to monitor and measure risk, compliance, and assurance efforts.
7. Evaluate the effectiveness of the procurement function in addressing information security requirements and supply chain risks through procurement activities, and recommend improvements.
8. Develop security compliance processes and/or audits for external services (e.g., cloud service providers, data centers).
9. Monitor systems development and operations for security and privacy compliance.
10. Identify and correct potential company compliance gaps and/or areas of risk to ensure full compliance with privacy regulations.
11. Perform ongoing privacy compliance monitoring activities.
12. Ensure that operational and Research and Design (R&D) processes and procedures are in compliance with organizational and mandatory cybersecurity requirements and are accurately followed by Systems Administrators and other cybersecurity staff when performing their day-to-day activities.
13. Identify, assess, and recommend cybersecurity or cybersecurity-enabled products for use within a system and ensure that recommended products are in compliance with the organization's evaluation and validation requirements.
14. Maintain knowledge of applicable cyber defense policies, regulations, and compliance documents specifically related to cyber defense auditing.
15. Monitor and evaluate a system's compliance with information technology (IT) security, resilience, and dependability requirements.
16. Adhere to and promote information security policy awareness and best practices in the company.

Education: Graduation in any stream
Certification: Security certifications like CISSP, CRISC, CISA, CISM, etc.
Experience: Candidate must have 8-12 years of total experience with 5-7 years of relevant experience
Knowledge: IT Audit / Assessments, Risk Management, Information Security Policy
Skills: Manager IT Security, IT Risk, GRC
Indian Financial Technology And Allied Services