Essential Duties and responsibilities:

•            Participate in governance, risk and compliance related assessments, policy and procedures, awareness and training for end users, change management, internal control identification and measurement per applicable guidelines and frameworks: ISO 27001:2005/2013/2022, NIST 800, NIST/CSF, PCI, GDPR, HITRUST and FISMA.

•            Lead risk methodology development and execution maintain updates and mapping of governance, risk and compliance (GRC) assessments for changing requirements/criteria related to SOC1, SOC2, in addition to other regulatory or industry requirements such as HITRUST, GDPR per applicable guidelines and frameworks: ISO 27001:2005/2013/2022, NIST 800, NIST/CSF, PCI, GDPR, HITRUST and FISMA.

•            Work across matrix business environments both internal and external for risk and compliance (audit) readiness for regulatory reviews, SOC1, SOC2, SOX, and other industry requirements such as HITRUST, GDPR. 

•            Work with business units in a consulting role to assist in their understanding of internal controls and measurements in addressing strategic initiatives, business/client drivers and concerns, future audits and compliance requirements. 

•            Lead/Manage methodology development, updates and mapping of governance, risk and compliance (GRC) assessments for changing requirements/criteria related to SOC1, SOC2, strategic leadership initiatives, and other regulatory or industry requirements such as HITRUST, GDPR per applicable guidelines and frameworks: ISO 27001:2005/2013/2022, NIST 800, NIST/CSF, PCI, GDPR, HITRUST and FISMA.

•            Lead governance, risk and compliance (GRC) liaison with internal and external audit resources, external customers and government regulators, domestic and international. 

•            Actively support business units request for information and data security risk, technology risk, technical vendor relationship management, product selection and design related to the authority and responsibility of GRC within an Enterprise Risk Management (ERM) model. 

•            Promote a positive, entrepreneurial, consulting, performance focused culture within governance, risk and compliance (GRC) that works effectively with stakeholders in the development and launch of services and programs that support compliance and company growth.

•            Work with divisional staff and representatives to develop long-term risk strategies, annual risk assessments, risk measurement metrics and tactical plans to reduce company risk exposure. 

•            Support the coordination, tracking and reporting on divisional and business units' metrics, results, data modelling, processing, calculating and transformation into meaningful risk metrics and reports.

Job Qualifications:

•            Bachelor’s degree in accounting, Computer Science, Risk Management or equivalent years in experience

•            Certifications required (two), preferred certifications: Certified Information Systems Auditor (CISA, Certified in Risk and Information System Controls (CRISC), Certified Information System Security Professional (CISSP), or equivalents. 

•            8++ years of combined experience with consulting, external audit, company in house and outsourced internal audit, assurance services, contracts; experience with a Big 4 is required.

•            8+ years of hands-on combined experience with designing and implementing technology controls in diverse technology environments, including auditing, risk assessments and providing recommendations for remediation. 

•            5+ years of hands-on combined experience, preferred in business process design, system integration, identity access & management, data privacy and protection, system development life cycle (SDLC), vulnerability assessment, information technology security, incident response, vendor management, backup and recovery and continuity planning.

•            8+ years of operational leadership roles that include domestic and international; diverse industry experience preferred, consulting services, financial services and banking, insurance and healthcare, risk and compliance.  

•            8+ years of audit experience with SOC1, SOC2, and regulatory compliance.

•            8 years of combined hands-on operational experience in; accounting, tax, payroll, human resources, information technology operations, information technology security, risk management.

•            8+ years as a Subject Matter Expert (SME); working with industry frameworks including COSO, ISO, NIST 800-53, NIST/CSF, PCI, HITRUST, FISMA and GDPR.  

•            Experience leading engagements, establishing budgets, developing work programs/plans, building relationships, mentoring staff, providing performance feedback, and monitoring workloads of team(s) while meeting stakeholder and client expectations.

•            Advanced written, verbal and presentation skills; including interactions with key stakeholders, internal executive management and external executive management and senior leaders. 

•            Experienced working in remote environments. Independent, motivated self-starter with the ability to analyse complex problems, think critically, problem solve, influence change, provide thought leadership.  

•            Excellent interpersonal skills, including the ability to work across a highly matrixed organization, interacting, influencing, negotiating effectively with all levels of leadership and peers

•            Experienced with vendor and managed security services with ability to identify continuous improvement opportunities to drive risk assessment effectiveness and efficiency.

Thanks & Regards,

Preety Singh

Sr. Recruiter

Nilasu Consulting Service Pvt. Ltd

9387571944 | [http://www.nilasu.com%20/]www.nilasu.com | preety.singh@nilasu.com

#427, 4th Floor, B-Block, AECS Layout, Singasandra Village, Bangalore – 560068