Job Description:
The Governance, Risk and Compliance specialist is responsible for process definition with respect to business and its related security requirements, implementation of security controls, governance and risk management. This role requires close collaboration with internal and external stakeholders to build a robust security framework and foster a culture of security awareness across the organization. The role will also help to fulfil the customer security assurance requirements for organization’s products.
Key Responsibilities:
Compliance Management:
Assist in the development and maintenance of information security and data privacy policies, procedures, and standards.
Conduct regular compliance assessments and internal audits to ensure adherence to data privacy requirements, ISO 27001, ISO 22301, ISO 27017, ISO 27018 and other relevant regulations.
Facilitate the external audits for the applicable security certifications.
Monitor and report on privacy and security compliance gaps, and work with teams to implement corrective actions.
Perform third-party risk assessments and vendor evaluations with respect to security compliance.
Ensure regular IT security activities are performed and records of them are maintained.
Ensure security configurations are applied in AWS and Azure cloud environments.
Risk Assessment
Conduct risk assessments to identify potential privacy and security threats.
Conduct Business Impact Analysis to identify critical business processes and their dependencies on IT systems.
Collaborate with IT and business units to develop and implement risk mitigation strategies.
Continuously update and maintain the risk register.
Documentation and Reporting
Prepare comprehensive reports on the status of compliance and risk management activities.
Maintain an accurate inventory of data privacy and information security policies and documentation.
Provide clear and concise documentation of findings, assessments, and action plans.
Training and Awareness
Assist in educating employees and stakeholders on data privacy best practices and the importance of compliance.
Stay up to date with industry trends, best practices, and emerging threats, and share this knowledge within the organization.
Skills Set
5-10 years of experience in various information security domains including, but not limited to, cloud and infrastructure security, data protection, security risk and compliance, application security and vulnerability management.
Implementation experience with, or understanding of, ISO 9001:2015, ISO 27001:2022, ISO 27701:2019, ISO 22301:2019, SOC 2 Type 2 and NIST is a must.
Strong understanding of Data Privacy regulations like GDPR and DPDPA.
Strong understanding of Business Continuity Management.
Must be well versed in process definition.
AWS / Azure cloud security is an added advantage.
Excellent written and verbal communication.
Education
Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field; Master's degree preferred.
Relevant industry certifications such as ISO 27001 LA, ISO 22301 LA, CISSP, CISM or CISA.
GRC Specialist • India