Location
Head Office – Mumbai
Function
Technology
Job Purpose
The role incumbent will drive Governance, Risk and Regulatory compliance (such as SEBI and RBI regulations) for the organization. The role will also drive various cyber security initiatives. The role would require the individual to take care of internal audits and ensure effective internal operating controls, processes and practices for Information Security and Risk Management in the organization.
Role
Understanding SEBI, RBI and other regulations around Information Technology Governance and Information Security
Management (i.e. creation, review and modification) of Information Technology and ISMS policies and related procedures & guidelines, as per the requirements of Indian regulatory laws / acts and international frameworks / best practices
Implementation and execution of policies
IT Risk Assessment and maintaining IT Risk Register
ISO 27001 implementation
SOC Governance
Ensure information assets and systems are protected by identifying risks related to confidentiality, integrity and availability and mitigating them through implementation of controls
Work hand-in-hand with Infrastructure, Application, Network and Project teams to ensure Security Solutions are implemented as per standards
Coordination with vendors & internal stakeholders to manage Cyber Security initiatives
Take preventive / corrective actions against cyber incidents
Facilitate internal / external auditors for ITGC, ITAC, VAPT etc. and provide details / evidence to them as per requirements
Ensure that all feasible audit observations and internal / external advisory measures are implemented through respective IT teams
Ensure that appropriate testing of information security, IT business continuity and disaster recovery plans are carried out to meet business needs
Capture & share knowledge on information / cyber security within the team to enhance capabilities and to strengthen awareness among end users, including contractors
Corporate wide Information Security communication and program management
User awareness initiatives and trainings
Security Risks & KPI monitoring and improvement
Qualification & experience
Years of experience: Min 7-9 years of total experience
Qualifications: BE / MBA
Experience: at least 5 years of relevant experience with exposure to BFSI & NBFC sectors
Experience in SEBI, RBI and other regulatory requirements
Professional qualifications like Certified in Risk and Information Systems Control (CRISC), Certified in the Governance of Enterprise IT (CGEIT), Certified Information Security Manager (CISM), ISO 27001, COBIT, CEH, CISA, CISSP etc.
Knowledge about Data Center Security, Network Security
Excellent knowledge of ITGC & working knowledge of ISO 27001
Ability to lead a team and manage stakeholders
Essential skills
Effective Planning and Execution
Stakeholder Management, Networking & Influencing skills
System & Process orientation
Ability to challenge status quo
Ideal candidate (in terms of current role / organization / industry)
Cyber Security Manager • Vijayawada, Andhra Pradesh, India