India Job Openings

Elevation HR LLP

Senior Associate-IT GRC

Gurgaon

FULL TIME

August 31, 2024

JOB DESCRIPTION
For a role that encompasses IT GRC (Governance, Risk, and Compliance)
along with IT Security Audit responsibilities, especially in the context
of NIST, ISO 27001, SOC2, ITGC audit, RBI (Reserve Bank of India)
regulatory compliance, IT Security Compliance, Business Continuity
Management (BCM), Disaster Recovery (DR), and Vulnerability Assessment
(VA), the roles and responsibilities would typically include:
Governance, Risk, and Compliance (GRC):
* Develop and maintain IT governance frameworks aligned with industry
standards and regulatory requirements.
* Establish and enforce policies, procedures, and controls to ensure
compliance with applicable laws, regulations, and standards.
* Coordinate risk assessment and management activities across the
organization.
* Monitor and report on compliance status to senior management and
stakeholders.
* Facilitate audits and assessments to verify adherence to compliance
requirements.
* Implement continuous improvement initiatives to enhance the
effectiveness of GRC processes.
IT Security Audit:
* Plan, coordinate, and conduct IT security audits based on regulatory
requirements and industry best practices.
* Perform risk-based assessments of IT systems, networks, and
applications to identify security vulnerabilities and weaknesses.
* Review and evaluate controls related to access management, change
management, data protection, and incident response.
* Document audit findings, including recommendations for remediation
and improvement.
* Collaborate with internal and external auditors to facilitate audit
engagements and address audit findings.
* Track and monitor the implementation of audit recommendations to
ensure timely resolution.
Regulatory Compliance:
* Interpret and apply relevant regulatory requirements, including NIST
Cybersecurity Framework, ISO 27001, and RBI guidelines.
* Conduct gap assessments against regulatory requirements to identify
areas of non-compliance and develop remediation plans.
* Coordinate with business units and stakeholders to implement controls
and measures to achieve compliance objectives.
* Prepare documentation and evidence to demonstrate compliance with
regulatory requirements.
* Stay informed about changes in regulations and standards and assess
their impact on the organization's compliance posture.
IT Security Compliance:
* Establish and maintain IT security policies, standards, and
guidelines in accordance with regulatory requirements and industry best
practices.
* Conduct periodic reviews and assessments to ensure adherence to
security policies and standards.
* Implement controls and measures to mitigate security risks and
vulnerabilities.
* Monitor and analyse security events and incidents to detect and
respond to security breaches.
* Provide guidance and support to business units on security compliance
matters.
Business Continuity Management (BCM) and Disaster Recovery (DR):
* Develop and maintain business continuity and disaster recovery plans
aligned with organizational objectives and regulatory requirements.
* Run BCP/DR frameworks.
* Conduct business impact analyses and risk assessments to identify
critical business functions and dependencies.
* Coordinate the development, testing, and maintenance of BCM and DR
plans.
* Ensure alignment between BCM/DR plans and IT systems, applications,
and infrastructure.
* Provide training and awareness programs to ensure effective response
and recovery during emergencies.
Vulnerability Assessment (VA):
* Plan and execute vulnerability assessment activities to identify
security weaknesses and vulnerabilities in IT infrastructure and
applications.
* Utilize automated scanning tools and manual techniques to identify
and prioritize vulnerabilities based on risk.
* Analyse and interpret scan results to provide actionable
recommendations for remediation.
* Coordinate remediation efforts with IT teams to address identified
vulnerabilities in a timely manner.
* Monitor and track the status of vulnerability remediation efforts and
report on progress to stakeholders.
In summary, this role involves a comprehensive approach to managing
IT governance, risk, and compliance, along with conducting IT security
audits, ensuring compliance with regulatory requirements such as NIST,
ISO 27001, and RBI guidelines, and overseeing BCM, DR, and VA
activities. Effective communication, collaboration, and coordination
with various stakeholders are essential for success in this role.
Digital Personal Data Protection Act (DPDPA) and GDPR Compliance:
* Interpret and ensure compliance with the provisions of the Digital
Personal Data Protection Act (DPDPA) and the General Data Protection
Regulation (GDPR), as applicable.
* Conduct data protection impact assessments (DPIAs) to identify and
mitigate risks associated with the processing of personal data.
* Develop and maintain data protection policies, procedures, and
controls to safeguard the privacy and confidentiality of personal data.
* Implement measures such as data encryption, pseudonymization, and
access controls to protect personal data from unauthorized access and
disclosure.
* Establish mechanisms for obtaining and managing consent for the
processing of personal data in accordance with regulatory requirements.
* Monitor and respond to data subject requests (e.g., access requests,
erasure requests) in compliance with GDPR and DPDPA requirements.
* Facilitate training and awareness programs to ensure compliance with
data protection regulations and promote a culture of privacy within the
organization.
* Collaborate with legal and compliance teams to address data
protection issues and ensure alignment with regulatory requirements.
* Maintain records of processing activities and data protection
measures to demonstrate compliance with GDPR and DPDPA obligations.
* Conduct regular audits and assessments to evaluate the effectiveness
of data protection controls and identify areas for improvement.
Competencies:
* Proactive contribution to leadership, ability to handle work stress,
and people skills
* Strong analytical skills, problem-solving skills, and project/program
management skills
* Excellent communication skills working with all levels of management
across the entire organization
* Ability to handle team strength and work cohesively
* Ability to act in a leadership position
* Willingness to work and stretch as required in a corporate scenario
* Extroverted and outspoken
Experience Needed:
* 10 years' demonstrable experience in IT security GRC management, IT
security project management, IT & Data security policy management, and
other security practices with respect to cloud infrastructure, basic IT
infrastructure design and architecture
* Hands-on experience with designing, implementing and managing
security IT GRC programs
* Past experience managing a small to mid-sized team
Educational Requirements:
* Bachelor's degree or equivalent business experience in Computer
Science, Business Management.
* Certified training in IT & Data security management, risk and
compliance solutions and practices. CISSP, CISA, CISM, GSEC, CRISC, ISO
27K LA or a related certification will be an added advantage
Job Type: Full-time
Benefits:
  • Provident Fund
Schedule:
  • Day shift
  • Monday to Friday
Supplemental Pay:
  • Performance bonus
Experience:
  • total work: 6 years (Required)
Work Location: In person