Experience: 2 - 7 years
Compensation: 5 - 12 Lacs
Posted: 4 days ago
Work from Office, Full Time
Location: Gurgaon Sector 58
Preference: Candidates with experience in NBFCs
Compensation: Up to 00 LPA
Requirements: Strong communication skills, a compelling personality, and relevant profile exposure

JOB DESCRIPTION

This role combines IT GRC (Governance, Risk, and Compliance) with IT Security Audit responsibilities, with particular focus on the NIST Cybersecurity Framework, ISO 27001, SOC 2, ITGC audits, RBI (Reserve Bank of India) regulatory compliance, IT Security Compliance, Business Continuity Management (BCM), Disaster Recovery (DR), and Vulnerability Assessment (VA). The roles and responsibilities typically include:

Governance, Risk, and Compliance (GRC):
- Develop and maintain IT governance frameworks aligned with industry standards and regulatory requirements.
- Establish and enforce policies, procedures, and controls to ensure compliance with applicable laws, regulations, and standards.
- Coordinate risk assessment and risk management activities across the organization.
- Monitor and report compliance status to senior management and stakeholders.
- Facilitate audits and assessments to verify adherence to compliance requirements.
- Drive continuous improvement initiatives to enhance the effectiveness of GRC processes.

IT Security Audit:
- Plan, coordinate, and conduct IT security audits based on regulatory requirements and industry best practices.
- Perform risk-based assessments of IT systems, networks, and applications to identify security vulnerabilities and weaknesses.
- Review and evaluate controls for access management, change management, data protection, and incident response.
- Document audit findings, including recommendations for remediation and improvement.
- Collaborate with internal and external auditors to facilitate audit engagements and address audit findings.
- Track the implementation of audit recommendations to ensure timely closure.

Regulatory Compliance:
- Interpret and apply relevant regulatory requirements and standards, including RBI guidelines, the NIST Cybersecurity Framework, and ISO 27001.
- Conduct gap assessments against these requirements to identify areas of non-compliance and develop remediation plans.
- Coordinate with business units and stakeholders to implement the controls and measures needed to meet compliance objectives.
- Prepare documentation and evidence demonstrating compliance with regulatory requirements.
- Stay informed of changes in regulations and standards and assess their impact on the organization's compliance posture.

IT Security Compliance:
- Establish and maintain IT security policies, standards, and guidelines in line with regulatory requirements and industry best practices.
- Conduct periodic reviews and assessments to ensure adherence to security policies and standards.
- Implement controls and measures to mitigate security risks and vulnerabilities.
- Monitor and analyse security events and incidents to detect and respond to security breaches.
- Provide guidance and support to business units on security compliance matters.

Business Continuity Management (BCM) and Disaster Recovery (DR):
- Develop and maintain business continuity and disaster recovery plans aligned with organizational objectives and regulatory requirements.
- Run the BCP/DR frameworks.
- Conduct business impact analyses and risk assessments to identify critical business functions and their dependencies.
- Coordinate the development, testing, and maintenance of BCM and DR plans.
- Ensure alignment between BCM/DR plans and IT systems, applications, and infrastructure.
- Deliver training and awareness programs so that staff can respond and recover effectively during emergencies.

Vulnerability Assessment (VA):
- Plan and execute vulnerability assessments to identify security weaknesses and vulnerabilities in IT infrastructure and applications.
- Use automated scanning tools and manual techniques to identify vulnerabilities and prioritize them by risk.
- Analyse and interpret scan results to provide actionable recommendations for remediation.
- Coordinate remediation with IT teams so that identified vulnerabilities are addressed in a timely manner.
- Track the status of remediation efforts and report progress to stakeholders.

In summary, this role takes a comprehensive approach to managing IT governance, risk, and compliance; conducting IT security audits; ensuring compliance with the NIST Cybersecurity Framework, ISO 27001, and RBI guidelines; and overseeing BCM, DR, and VA activities. Effective communication, collaboration, and coordination with stakeholders are essential for success in this role.

Digital Personal Data Protection Act (DPDPA) and GDPR Compliance:
- Interpret and ensure compliance with the provisions of the Digital Personal Data Protection Act (DPDPA) and the General Data Protection Regulation (GDPR), as applicable.
- Conduct data protection impact assessments (DPIAs) to identify and mitigate risks arising from the processing of personal data.
- Develop and maintain data protection policies, procedures, and controls to safeguard the privacy and confidentiality of personal data.
- Implement measures such as encryption, pseudonymization, and access controls to protect personal data from unauthorized access and disclosure.
- Establish mechanisms for obtaining and managing consent for the processing of personal data in accordance with regulatory requirements.
- Monitor and respond to data subject requests (e.g., access requests, erasure requests) in compliance with GDPR and DPDPA requirements.
- Deliver training and awareness programs to ensure compliance with data protection regulations and promote a culture of privacy within the organization.
- Collaborate with legal and compliance teams to address data protection issues and ensure alignment with regulatory requirements.
- Maintain records of processing activities and data protection measures to demonstrate compliance with GDPR and DPDPA obligations.
- Conduct regular audits and assessments to evaluate the effectiveness of data protection controls and identify areas for improvement.

Competencies:
- Proactively contribute to leadership, handle work stress, and demonstrate strong people skills
- Strong analytical, problem-solving, and project/program management skills
- Excellent communication skills, working with all levels of management across the entire organization
- Ability to manage a team and work cohesively
- Ability to act in a leadership position
- Willingness to work and stretch as required in a corporate environment
- Extrovert and outspoken

Experience Needed:
- 8+ years' demonstrable experience in IT security GRC management, IT security project management, IT and data security policy management, and other security practices with respect to cloud infrastructure and basic IT infrastructure design and architecture
- Hands-on experience designing, implementing, and managing IT security GRC programs
- Past experience managing a small to mid-sized team

Educational Requirements:
- Bachelor's degree in Computer Science or Business Management, or equivalent business experience
- Certified training in IT and data security management, risk, and compliance solutions and practices
- CISSP, CISA, CISM, GSEC, CRISC, ISO 27001 Lead Auditor, or a related certification will be an added advantage
Value Innovation