JOB FUNCTIONS/DUTIES AND RESPONSIBILITIES
We need a resource who will perform the following:
- Assessing and reviewing enterprise-wide security objectives and control performance status, and presenting them to various stakeholders
- Security control assessment, maturity assessment, common control testing (ITGC, COBIT) and providing prioritized remediation consulting / advisory
- Managing cybersecurity regulatory compliance
- Gathers and reviews documentation; conducts risk assessments for assigned GRC practices with reference to the defined methodology, policies and processes.
- Facilitates execution of the end-to-end GRC processes.
- Monitors, reports and tracks the status of each review and communicates with the relevant stakeholders to obtain missing items within the prescribed timelines; completes reviews in a timely and accurate manner.
- Reports issues, findings and gaps and monitors their remediation.
- Monitors industry trends and competitive insights, and ensures compliance with regulatory/compliance expectations and requirements.
- Supports the development of actionable reporting, viz. KRIs and KPIs.
Qualifications
- 10+ years' experience in Information Security / IT Security Risk Assessment and remediation related activities.
- Knowledge of various cybersecurity frameworks and standards (NIST CSF / RMF, ISO 27001 / 31000) and best practices (CIS Top 20, SANS Top 25, OWASP Top 10)
- Certifications such as CISSP, CISM, CISA, CEH, ISO 27001 LA/LI
- Experience in dealing with a CISO organization
- Prior experience performing security reviews and risk assessments preferred.
- Good oral and written English skills at a business level.
- Good managerial skills relating to employees, planning and policy formulation.
- Substantive and diverse knowledge of security-related regulatory compliance.
- Knack for conducting research to provide documentation and evidence for internal and external inquiries.