AVP - Cyber Security & GRC

Role & responsibilities

• Partner with CISO to run a global, enterprise-wide cybersecurity risk and compliance strategy aligned with organizational priorities, business objectives, regulatory requirements, and evolving risks.
• Lead and grow a team of cybersecurity professionals, managing risk, compliance, assessments, reporting, metrics, policy, awareness, and third-party risk management.
• Oversee risk and threat-based information security programs ensuring confidentiality, integrity, availability, and privacy.
• Manage enterprise-wide compliance, risk assessment, reporting, cybersecurity policies, third-party risk management, and security training programs.
• Conduct information security audits, respond to external questionnaires, RFPs and collaborate with control entities (Audit Partners, Enterprise Risk Management, Legal Compliance, regulators, and financial institutions).
• Work with the Cloud Security & Operations team on incident management, security architecture, vulnerability management, threat intelligence, advisory, and identity and access management.
• Assess security controls, identify improvement opportunities, and communicate recommendations.
• Perform risk assessments against third parties to ensure proper compliance against regulatory requirements.
• Manage annual ISO 27001 internal audits, remediation tracking, evidence collection, and risk identification.
• Lead the creation of Information Security Policies, technical standards and procedures for secure technology configuration and implementation.
• Manage the company-wide information security awareness program to foster a security mindset across leadership, employees, contractors, and third parties.
• Stay updated on security changes impacting regulatory, privacy, and industry best practices.

Preferred candidate profile

• 8 or more years of knowledge and understanding of information security management frameworks and various regulatory requirements such as DPDPA, GDPR, and information security and compliance standards including ISO 27001, SOC 2 etc.
• Strong knowledge of security frameworks including NIST CSF, controls, and audit techniques.
• Strong ability to identify needs, take initiative, and prioritize work efforts, balancing operational tasks with longer-term strategic security efforts
• Strong technical background with a consistent record of delivering results, validated leadership, communication as well as critical thinking skills, creative and flexible problem solver.
• Strong interpersonal skills and the ability to interact strategically and confidently with internal partners to develop ideas, find opportunities, and influence outcomes.
• Certifications: CISSP, CISA, CISM