Senior Associate – IT GRC
Job Description:
Act as the main point of contact for the design and deployment of the IT Security GRC
framework and work with Very Senior IT leadership (CTO, IT Head)
* Partner with all team members in the IT head's function to build/govern/sustain/improve an
integrated end-to-end security GRC framework to provide a "one-stop shop" for all
security activities and controls
* Manage and control RBI, NHB and NBFC related IT Security and GRC regulations and act
decisively and respond
* Perform and front end BCP framework governance and regular assessment
* Perform and present report for Vendor Information Security Risk Assessment and guide the
team for vendor risk framework enhancement
* Data privacy program
* Ability to understand and navigate Cloud Infra technologies and assess IT Infra from risk
perspective
* Good knowledge on IT infrastructure and setup w.r.t. Network devices, End user support,
Software licence management
* Manage all IT security policies, standards, procedures, and guidelines, and any related GRC
issues with stakeholders including the management of exceptions to policies and standards
* Manage the security GRC component of the company GRC framework to ensure it is
aligned with security GRC framework
* Manage the security GRC framework to:
* Ensure controls are in place and working as they should
* Ensure policies, standards, procedures, and guidelines are updated to reflect changes in
the business and IT environment
* Ensure clients, regulatory, and internal requirements are being met consistently and
cost-effectively
* Automate and streamline all processes related to managing the company's security GRC
framework
* Provide multi-level reporting to all stakeholders in the company: Executives, clients,
business leads, IT leads, audit and regulatory representatives
* Manage all security assessments required internally or externally including the consulting
firms and/or contractors engaged to support such assessments
* Build partnerships across the organization in all disciplines: audit, legal, information
technology, financial management (treasury, for instance), business operations, sales and
marketing, corporate communications, risk management, etc. to ensure the security GRC
program is aligned with business objectives and requirements
* Develop an audit engagement model and a regulatory engagement model
* Manage the security awareness program throughout the company.
* Educate end-users and IT staff in security threats, risks, policies, and security best
practices
* Define end users' responsibilities in safe and secure computing
Documentation, Reporting & Analytics
* Contribute to the design and implementation of an operational reporting framework that will
provide regular metrics and statistics about our business and IT environment; analyze trends
in security events, activities, etc. to better understand risks, insufficiencies in our solutions,
staffing shortages, etc.; report security metrics and statistics to the IT Head and other key
stakeholders throughout the company
* Manage any security business practice irregularities, violations and infractions including
exceptions, risk memos, security position memos
* Prepare annual detailed plans for security reviews/audits and any other compliance tasks
required internally or externally
Profile
Technical Skills:
* Proficient with MS Office, project management software, and India-specific Banking, NBFC
regulations w.r.t. IT GRC, Audit, Risk Governance
* Banking and NBFCs experience is highly recommended
* Solid understanding of common security tools (e.g., vulnerability scanners, firewalls,
IDS/IPS, AV software) strongly recommended
* Extensive training and experience in computer disciplines such as application and data
security, systems programming, systems design, computer technology or software
disciplines
Competencies:
* Strong analytical skills, problem solving skills, and project/program management skills
* Excellent communication skills working with all levels of management across the entire
organization
* Ability to handle team strength and work cohesively
* Ability to act in Leadership position
* Work and stretch as required in corporate scenario
* Extrovert and Outspoken
Experience Needed:
* 10-15 years' demonstrable experience in security GRC management, security project
management, security policy management, and other security practices w.r.t. Cloud Infra,
Basic IT infra design and architecture
* Hands-on experience with designing, implementing and managing security IT GRC
programs
* Past experience managing a small to mid-sized team
Educational Requirements:
* Bachelor's degree or equivalent business experience in Computer Science, Business
Management, or MIS required
* Certified training in security management, risk and compliance solutions and practices.
CISSP, CISA, CISM, GSEC, CRISC, ISO 27K LA or related certification will be an added advantage
Office timings: 9:30 to 6:30 (must be flexible with office timings)
Organization type: NBFC (non-banking finance company), Banking
Company Profile
This company was incorporated in 2010, by highly credentialed professionals with specialized experience across M&A Advisory, Operations & Risk Consulting, Asset Management, Financial Accounting, Audit and Process Re-engineering.
We are a boutique advisory firm that understands the dynamics of business / operations / transactions / industry and possesses the necessary skills to blend practical insights with regulatory knowledge, to design effective custom-made solutions to all business situations.