IT GRC – AVP [T500-12809]

Job Profile :

Job Title : IT GRC Manager

Corporate Title : AVP

Experience : 10+ years

Location : Bangalore

No. of Positions : 1

Job Responsibilities :

• Responsible for managing Cyber Security Risk, Compliance, and Assurance activities.
• Drive the global cyber security certifications as per MGS Management Strategy. Evaluating control effectiveness and review evidence of controls by applying audit, compliance, security, and regulatory framework knowledge and experience, including, but not limited to review of ISO 27001, FFIEC, SOC2 as well as knowledge of controls related to Privacy, Compliance, Cyber and other risk domains.
• Develops, maintains, and delivers effective cyber security policies, standards, and procedures.
• Drive the implementation of the cyber security projects in the areas of governance and risk.
• Partner with IT, Legal, HR, and other business units to manage information security governance and compliance.
• Work with cyber security teams to identify and track risk based on the threat landscape.
• Measuring ongoing metrics and improvements along with providing actionable items to the extended IT teams
• Lead the MGS Incident Response Team along with other business units.
• Develop and present the KRI and KPI to bring out the dashboard, which shows the security posture in compliance with all the cyber security controls.
• Ensure security is embedded in the project delivery process by providing appropriate information security policies, procedures, and guidelines.
• Prepare the team for external audits and facilitate IT audits.
• Maintain the ongoing training and awareness program at MGS. Develop a long-term Cyber Security Awareness Program strategy, processes, and procedures.
• Drive phishing simulation and subsequent activity to reduce enterprise phishing susceptibility.
• Report to leadership on metrics that effectively measure the impact of cybersecurity training and awareness programs.
• Driving continuous improvement of the effectiveness of control implementations and reporting to enhance and mature the security programs and exception management process.
• Knowledge of global operational risk guidelines including Basel, Controls Assessment, Controls Remediation etc.
• Good Knowledge of RCSA Framework, Operational risk controls framework and experience in any GRC tools like ServiceNow, RSA Archer, MetricStream etc.

Job Requirement :