Senior Manager - Information Security Trust & Compliance (Bangalore)

• Own end-to-end delivery of large GRC projects/programs serving multiple clients and industry sectors. Define program governance, milestones, resourcing and budgets
• Develop and implement a risk-based GRC strategy and methodology that aligns with client business objectives, enterprise risk appetite, and applicable regulatory frameworks (e.g., NIST CSF and ISO 27001)
• Consolidate and right-size portfolio of audits to maximize balance of customer value and scale of organizational audit support
• Lead stakeholder management and executive engagement: present risk posture, compliance metrics, program status and strategic recommendations to executive management
• Establish and maintain a standardized and dynamic framework (policies, control libraries, risk assessment templates) suitable for cross-industry use
• Drive tooling, automation and data-driven reporting to scale assessments, monitoring, evidence collection and dashboards
• Conduct regulatory horizon scanning and translate emerging regulatory or industry changes into client requirements and program plans

• Direct and define comprehensive information security risk assessments and control reviews against client frameworks and regulatory requirements
• Define audit approach, scope, and audit programs; define audit procedures and identify required specialists
• Direct execution of periodic audits and control testing; prepare executive summaries
• Direct and define prioritized remediation and action plans, schedules, resource allocation and status reporting to reduce risk and close compliance gaps
• Direct full cycle remediation process ensuring high value root cause issues resolved with appropriate risk acceptance and escalation paths
• Define high quality control systems, standards, and governance processes; recommend policy and process changes to mitigate risk and champion continuous improvement
• Act as trusted advisor during incident response and compliance investigations, providing remediation and remediation monitoring support

• 11+ years of IT experience with minimum 8 years of experience in Information Security
• Security professional with expertise in GRC: IT audits, IT general controls, third party risk management, IT Risk Assessment, ISO 27001 implementation, ISMS audits
• SOC2 audit experience
• Model for interpersonal skills and stakeholder management
• Useful but not required certification: CISSP, ISO 27001 Lead Auditor, CISA, CISM

Perks and Benefits