GRC Consultant

5 days ago


Al Ain, Abu Dhabi, United Arab Emirates Quagmire IT Services LLP Full time

1. Position Overview:

We are seeking a motivated and skilled Information Security Risk Manager with a Bachelor's or Master's degree in IT, ECE, Computer Science, or a related field and a strong background of 6-9 years of experience in information security risk management to join our team IMMEDIATELY.

The role demands an understanding of regulatory requirements (e.g. UAE Information Assurance) and industry standards (e.g. NIST Risk Management Framework (RMF), ISO 31000, ISO …) along with practical experience in information security and risk management.

Role Description:

  • Conduct Information Security Governance, Risk & Compliance (GRC) consulting projects for customers globally using various standards like PCI DSS, ISO 27001, NIST CSF, COBIT, etc., specializing in risk management.
  • Define a risk management methodology supported by a threat/vulnerability assessment, in collaboration with key stakeholders within the organization.
  • Define, document, implement and refine information security management frameworks within client organizations. This includes information security strategy, policies, procedures, standards, guidelines, SOPs, forms, templates, etc.
  • Conduct comprehensive risk assessments in close coordination with internal and external stakeholders.
  • Assist in the implementation/maintenance of information security policies and procedures in compliance with governance, legal, contractual or internal requirements.
  • Provide expert guidance to customer Information Security and other departments.
  • Conduct security risk assessments to enable informed decision-making by stakeholders while keeping business objectives paramount.
  • Review security aspects of business cases, IT application/infrastructure changes, project proposals, requirements, solution designs and system architectures.
  • Create and promote security awareness campaigns and conduct information security awareness programs to enhance the information security knowledge of staff and management on the latest threats and vulnerabilities.
  • Manage the assigned team, project management and delivery management.
  • Train the internal team on GRC & risk assessment.
  • Participate in pre-sales meetings with prospective customers and offer specialized GRC and risk management consulting services.
  • Monitor and review information security compliance.
  • Coordinate with the customer IT project management department, vendors and consultants to build an effective security program.
  • Lead annual planning, information security architecture and governance reviews for customer organizations.

2. Key Responsibilities:

Risk Management:

1. Identify, assess and prioritize information security risks across the organization.

2. Develop and maintain Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs) to monitor and measure risk levels and the effectiveness of risk management efforts.

3. Recommend and track the implementation of risk mitigation strategies and controls.

4. Conduct frequent risk assessments and reviews to ensure the effectiveness of controls.

5. Monitor and report on the status of risk management activities and initiatives.

6. Recommend enhancements to the risk assessment methodology.

7. Maintain the risk register within the GRC platform, ensuring it is updated with high-quality, relevant content.

Governance:

1. Assist in enforcing information security policies, procedures and standards.

2. Contribute to the maintenance of a governance framework for managing information security risks.

Collaboration:

1. Provide expertise and guidance on information security matters to key stakeholders, fostering strong working relationships across departments.

2. Serve as a liaison and advisor to customer IT project management, vendors and consultants.

Continuous Improvement:

1. Stay informed on emerging trends, threats and technologies in information security.

2. Recommend and implement improvements to the risk management framework, tools and methodologies.

Compliance & Risk Assessments:

1. Conduct independent security risk assessments to support informed decision-making aligned with business objectives.

2. Review the security aspects of business cases, IT applications, infrastructure changes, project proposals, requirements, solution designs and system architectures.

3. Conduct ISO 27001, PCI DSS and other compliance assessments as needed, especially for banking information security audits.

Security Awareness:

1. Design and conduct innovative information security awareness programs to educate employees and management about current threats and security best practices.

2. Train and mentor the internal team and clients on GRC, risk assessment and information security frameworks.

Project & Delivery Management:

1. Oversee project management and delivery for assigned teams, ensuring alignment with client requirements and quality standards.

Required Technical Skills:

Certifications:

  • Required: CISSP, CISA, CISM, CRISC, CGEIT, GRCP or GRCA.
  • Good to have: ISO 27001 Lead Auditor, ISO 27001 Lead Implementer, IAPP Certified, CDPSE, CCSK, CCSP, CCAK, ISO 27701 (privacy), ISO 20000, PCI QSA, ISO 22301.
  • Framework Knowledge: Familiarity with GRC standards/frameworks such as ISO 27001, NIST CSF, COBIT, ITIL and regulatory requirements like the UAE's NESA, RBI CSF and SAMA CSF.

Experience:

  • Familiarity with systems, database, network and application security.
  • Knowledge of risk assessment approaches, policy formation and security protocols.
  • Experience with information security architectures and security assessments.
  • Detailed experience with ISO 27001/2, PCI DSS, GDPR and other security frameworks.
  • Experience in conducting risk assessments, especially in banking and finance.

Behavioural Skills:

a) Strong analytical and strategic mindset in cyber security governance.

b) Skilled at working with minimal supervision.

c) Excellent presentation and internal as well as external customer-facing skills.

d) Strong acumen to communicate complex ideas concisely and in a business context.

e) Project management skills and experience.

f) Exceptional interpersonal relationship management and influencing skills.

g) Ability to collaborate with a broad range of business and technology stakeholders, including top management representatives.

h) Positive attitude, problem-solving skills and attention to detail.

i) Should be results-oriented and able to deliver within preset deadlines.

j) Should value quality and client satisfaction.

k) Should possess very good communication skills (strong written/spoken English language skills & presentation skills).

OTHER DETAILS:

  1. Candidates from Big 4 firms would be preferred.
  2. Candidate must have experience in or working with global clients.
  3. Strong communication skills are required (communication and technical skills/knowledge carry equal weight) and he/she should be capable of working with minimal supervision.
  4. This candidate will be on a project which requires the candidate to be at Bangalore and UAE locations alternately (for the 1st year it will be 6 months onsite at the Abu Dhabi client location and 6 months in the Bangalore office).
  5. Candidate will have to clear our internal interview process as well as the customer interview.
  6. A minimum 1-year commitment from the candidate is required, as we will be committed to the customer accordingly.
  7. CISA/CISM/CISSP: any 1 certificate is mandatory.
  8. Notice period: 10-15 days maximum.
  9. CTC range: upper cap of Rs. 35 lacs p.a.
  10. In addition to the CTC, the candidate will be paid a fixed per diem allowance as per company policy during the period of stay at the onsite Abu Dhabi location; we will provide accommodation and local travel to and from the customer location to the place of stay as well.
Employment Type : Full Time
Vacancy: 1