company logo

Information Security GRC Manager

Navi Mumbai
Full-Time
Mid-Level: 4 to 8 years
Posted on Dec 20 2024

About the Job

Skills

GRC
Governance, Risk Management, And Compliance (GRC)
ISO 27001
ITGC
PCI DSS
Compliance
Risk Management

Job Description – Information Security GRC Manager

Work Location: Navi Mumbai

Key Focus Area:   Information Security GRC


Key Responsibilities

·      Policy Development and Enforcement: Develop, implement and maintain Information Security policies, procedures, standards, frameworks, and associated plans based on industry best practices such as ISO 27001, ISO 22301, ISO 27701 NIST, ITGC, PCI-DSS, etc.

·      Lead the organization’s tech compliance requirements such as but not limited to DoT requirements, PCIDSS, RBI (System Audit reports), ITGC, ISMS BCMS and Data privacy etc.

·      Risk Management: Performing security risk assessments, ISMS audits and privacy risk evaluations. Identify, document, and maintain an information security risk register. Regularly report to the security lead and other stakeholders.

·      Security Project Management (PMO) – Prepare Governance and Risk Management presentations for CISO and Leads on monthly/quarterly basis. Collaborate with cross functional team, gather required information and ensure end-to-end delivery.

·      Compliance Reporting: Prepare compliance reports and remediation plans based on periodic reviews of application, workstation, server, and network device configurations.

·      Data Loss Prevention (DLP): Monitor and maintain compliance of DLP.

·      Third-Party Risk Management: Provide responses to Third party due diligence, independent oversight, and facilitate implementation and continuous improvement of Third-party risk management and processes.

·      Security Control Automation: Influence security control automation efforts to enhance security and compliance at scale.

·      Audit Representation: Represent Jio’s security posture in both internal and external audits.

·      Security Awareness and Training: Drive security awareness initiatives and conduct regular training on organisation security policies and standard requirements through training sessions, communication, and workshops etc.


Qualification and Work Experience


Qualification

·      B.E./B.Tech/MBA

·      Professional certifications such as CISM/ CISA or equivalent are highly desirable.


Work Experience: 5-7 Years

·      Minimum 4-5 years of professional experience in Information Security practices, with at least 2 years specialising in Governance, Risk and Compliance (GRC) domains.

·      Significant knowledge and experience in Cyber Security domain, ITGC control evaluation, policies and standards, regulatory compliance, in-depth understanding of Industry Standards and Frameworks such as ISO 27001, PCI DSS, COBIT, NIST, ISO 31000. 

·      Project management within the realm of information security to include developing/vetting of project plans to ensure compliance to security standards.

·      Leading cross-functional teams to address vulnerabilities and enhance security measures.

·      Experience in supporting security controls, compliance and audit activities.

·      Demonstrated ability to apply IT-related knowledge and experience in solving compliance issues.

·      Have extensive experience of process building and improvement, strategic development and cross-organizational collaboration and negotiation.

 

 

Competencies /Expertise Required (Functional & Behavioral)

·       Strong knowledge of core information security principles such as least privilege access, defence in depth, preventative vs. detective controls, network security, cloud security, application security, endpoint security, data protection, and incident response.

·       Excellent analytical and problem-solving skills, with the ability to manage multiple tasks under tight deadlines.

·       Advanced written and verbal communication and presentation skills, with a focus on team building and collaboration.

·       High sense of ownership and drive with ability to establish credibility and earn trust with a variety of stakeholders and leadership.

·       An entrepreneurial spirit with the ability to drive innovation independently.

·       Maturity, judgment, negotiation/influence skills, analytical skills, and leadership skills

·       Adaptable to change.

·       Quick Learner – Open learn and work on new technologies and products.

·       A proactive approach to security, attention to detail, and a commitment to continuous learning and improvement.

About the company

We are the force behind the meteoric rise of Indias leading telecom operator Jio with 400 Million+ customers. In Addition to this we have also powered an exhaustive list of digital apps & services that have delivered functionality, usability, engagement, scale and loyalty. We provide solutions for customers (B2C) and enterprise (B2B). We have an end to end 5G solution consisting of 5G Radio, a com ...Show More

Industry

Media & Telecommunication...

Company Size

10001+ Employees

Headquarter

Navi Mumbai, Maharashtra

Other open jobs from Jio