CyberSec_GRC

 JOB FUNCTIONS/DUTIES AND RESPONSIBILITIES 

We need a resources who will need to perform -

• Assessing and Reviewing enterprise-wide Security Objectives, Control Performance Status to various stakeholders
• Security Control Assessment, Maturity Assessment, Common Control Testing (ITGC, COBIT) and providing prioritized remediation consulting / advisory
• Managing Cybersecurity Regulatory Compliances
• Gathers and reviews documentation; Conducts the risk assessments for assigned GRC practices with reference to the defined Methodology/policy/processes.
• Facilitates executing the end-to-end GRC processes.
• Monitors, Reports and Tracks the status of each review and communicates with the relevant stakeholders to obtain missing items within the prescribed timelines. Completes review in a timely and accurate manner.
• Report issues/findings/gaps and monitor the remediate of issues.
• Monitors trends in the industry, competitive insights, and ensure compliance with regulatory/compliance expectations and requirements.
• Support in coming-up with a set of actionable reporting viz., KRIs and KPIs.

• 10+ years' experience in Information Security / IT Security Risk Assessment and remediation related activities.
• Knowledge on various Cybersecurity Frameworks & Standards (NIST CSF / RMF, ISO 27001 / 31000) and Best Practices (CIS Top 20, SANS Top 25, OWASP Top 10)
• Certifications like CISSP, CISM, CISA, CEH, ISO 27001 LA/LI
• Experience in dealing with CISO organization
• Prior experience performing security reviews and Risk Assessments preferred.
• Good oral and written skills on a business level in English.
• Good managerial skills relating to employees, planning and policy formulation.
  Substantive and diverse knowledge of security-related regulatory compliance.
• Knack of conducting research to provide documentation and evidence with internal and external inquiries.