Job Description

Purpose of the Job:

• Conduct Internal Audit

• Conduct Risk Assessment

• Conduct Third Party Risk Assessment

• Assist in ISO27001 implementation for new business units and help in maintaining existing certification

• Conduct RoPA and DPIA

• Manage DLP rules

• Conduct random audit on any security domain to ensure all controls are in place

• Follow up with relevant stakeholders for closure of audit observations

• Monitor activities as per security plan for all the locations.

• Conduct Risk Assessment as per ISO 27001 standard

• Data recovery— Random check of backup and restoration testing related controls.

• Monitor and ensure information security awareness training done for all employees and contracted employees.

• Create multiple phishing and other security awareness campaigns

• Facilitate user access review and monitor ISMS metrics

• Monitor compliance and inform management regarding the same

• Assist in Data Governance related projects

• Create Data Registers

• Random check of implemented controls mentioned in information security policy and accompanying standards, procedures and guidance

• Knowledge of NIST, CSA framework, PCI DSS and other standards

• Knowledge of privacy controls

• Assist in policy and procedure review

• Work with internal stakeholders to develop relationships to help promote and improve information security

Key Accountabilities (duties and responsibilities):

• Provide timely support to ensure closure of non-conformance.

• Monitor and maintain controls to ensure maximum access and high availability of systems based on system design.

• Risk Assessment

• SOP Documentation, Change Request, Impact Analysis and Enhancement

• Assist in Data Governance initiatives

COMPETENCES REQUIRED

Experience required: 5 to 10 years

Education Qualification: Bachelor in any Engineering branch

Technical (discipline) related:

• ISO27001 lead auditor Certification

• Awareness of latest practices in IT Security

• Infrastructure review and suggest security requirements for the Setup

• Awareness of NIST Cyber Security framework and Risk Management

• Knowledge of security controls related to Data Integrity, Business Process, Data Backup and Business Continuity.

• Experience in internal audit/ reviews based on ISO27001, COBIT, NIST etc.

• Sound knowledge and experience in ITGC audit

• Experience in risk assessment

• Experience in Data Governance

• Automation of GRC related activities

• IDAM experience will be an added credibility

• Knowledge and experience of Third Party Risk Assessment and AI Risk Assessment

• Knowledge of DPDPA

Interpersonal:

• Strong verbal and interpersonal communication skill

• Be Honest and Trustworthy

• Be respectful & possess cultural awareness and sensitivity

• Professional

• Be Collaborative

Travel - 25% in a year

KPI’s (Key Performance Indicators) of the job:

1. Improve overall security in the IT setup and information governance.

2. No Non-Conformance from HO Audit or ISO27001 external Audit.

3. Overall improvement in Cyber Security posture at all Business Units.

4. No security incident in the year

5. Effective and efficient implementation of Data Governance initiatives

6. Efficient implementation of Cyber Security Plan to improve the tier in NIST framework.