Job Description – Information Security GRC Manager

Work Location: Navi Mumbai

Key Focus Area:   Information Security GRC

Key Responsibilities: 

·      Policy Development and Enforcement: Develop, implement and maintain Information Security policies, procedures, standards, frameworks, and associated plans based on industry best practices such as ISO 27001, ISO 22301, ISO 27701 NIST, ITGC, PCI-DSS, etc.

·      Lead the organization’s tech compliance requirements such as but not limited to DoT requirements, PCIDSS, RBI (System Audit reports), ITGC, ISMS BCMS and Data privacy etc.

·      Risk Management: Performing security risk assessments, ISMS audits and privacy risk evaluations. Identify, document, and maintain an information security risk register. Regularly report to the security lead and other stakeholders.

·      Security Project Management (PMO) – Prepare Governance and Risk Management presentations for CISO and Leads on monthly/quarterly basis. Collaborate with cross functional team, gather required information and ensure end-to-end delivery.

·      Compliance Reporting: Prepare compliance reports and remediation plans based on periodic reviews of application, workstation, server, and network device configurations.

·      Data Loss Prevention (DLP): Monitor and maintain compliance of DLP.

·      Third-Party Risk Management: Provide responses to Third party due diligence, independent oversight, and facilitate implementation and continuous improvement of Third-party risk management and processes.

·      Security Control Automation: Influence security control automation efforts to enhance security and compliance at scale.

·      Audit Representation: Represent Jio’s security posture in both internal and external audits.

·      Security Awareness and Training: Drive security awareness initiatives and conduct regular training on organisation security policies and standard requirements through training sessions, communication, and workshops etc.

Qualification and Work Experience

Qualification

·      B.E./B.Tech/MBA

·      Professional certifications such as CISM/ CISA or equivalent are highly desirable.

Work Experience: 5-7 Years

·      Minimum 4-5 years of professional experience in Information Security practices, with at least 2 years specialising in Governance, Risk and Compliance (GRC) domains.

·      Significant knowledge and experience in Cyber Security domain, ITGC control evaluation, policies and standards, regulatory compliance, in-depth understanding of Industry Standards and Frameworks such as ISO 27001, PCI DSS, COBIT, NIST, ISO 31000. 

·      Project management within the realm of information security to include developing/vetting of project plans to ensure compliance to security standards.

·      Leading cross-functional teams to address vulnerabilities and enhance security measures.

·      Experience in supporting security controls, compliance and audit activities.

·      Demonstrated ability to apply IT-related knowledge and experience in solving compliance issues.

·      Have extensive experience of process building and improvement, strategic development and cross-organizational collaboration and negotiation.

Competencies /Expertise Required (Functional & Behavioral)

·       Strong knowledge of core information security principles such as least privilege access, defence in depth, preventative vs. detective controls, network security, cloud security, application security, endpoint security, data protection, and incident response.

·       Excellent analytical and problem-solving skills, with the ability to manage multiple tasks under tight deadlines.

·       Advanced written and verbal communication and presentation skills, with a focus on team building and collaboration.

·       High sense of ownership and drive with ability to establish credibility and earn trust with a variety of stakeholders and leadership.

·       An entrepreneurial spirit with the ability to drive innovation independently.

·       Maturity, judgment, negotiation/influence skills, analytical skills, and leadership skills

·       Adaptable to change.

·       Quick Learner – Open learn and work on new technologies and products.

·       A proactive approach to security, attention to detail, and a commitment to continuous learning and improvement.