Lead - Information Security GRC (ISO & TPRM)

Title: Lead - Information Security GRC (ISO & TPRM)

Location: Gurgaon, India

Type: Hybrid (work from office)

Job Description

Company Overview

Fareportal is a travel technology company powering a next-generation travel concierge service. Utilizing its innovative technology and company owned and operated global contact centers, Fareportal has built strong industry partnerships providing customers access to over 600 airlines, a million lodgings, and hundreds of car rental companies around the globe. With a portfolio of consumer travel brands including CheapOair and OneTravel, Fareportal enables consumers to book-online, on mobile apps for iOS and Android, by phone, or live chat. Fareportal provides its airline partners with access to a broad customer base that books high-yielding international travel and add-on ancillaries. Fareportal is one of the leading sellers of airline tickets in the United States. We are a progressive company that leverages technology and expertise to deliver optimal solutions for our suppliers, customers, and partners.

FAREPORTAL HIGHLIGHTS:

• Fareportal is the number 1 privately held online travel company in flight volume.
• Fareportal partners with over 600 airlines, 1 million lodgings, and hundreds of car rental companies worldwide.
• 2019 annual sales exceeded $5 billion.
• Fareportal sees over 150 million unique visitors annually to our desktop and mobile sites.

Fareportal, with its global workforce of over 2,600 employees, is strategically positioned with 9 offices in 6 countries and headquartered in New York City.

Job Description and Responsibilities:

• Conduct risk assessments and audits aligned with ISO standards (e.g., ISO 27001, ISO 31000) and other relevant compliance frameworks.
• Perform third-party risk management (TPRM) processes, including vendor assessments and continuous monitoring of third-party compliance.
• Assist in the development, implementation, and maintenance of GRC programs, policies, and procedures.
• Collaborate with internal and external stakeholders to identify and mitigate compliance risks.
• Perform gap analyses and provide actionable recommendations to achieve compliance with various regulatory requirements.
• Prepare and deliver compliance reports, including risk findings, corrective actions, and status updates.
• Support internal and external audits, including evidence collection, documentation, and follow-up on corrective actions.
• Assist in developing compliance training programs for employees and stakeholders.
• Track and remediate compliance-related incidents, ensuring timely resolution and continuous improvement.
• Document and report control failures and gaps to stakeholders.
• Provide remediation guidance and prepare management reports to track remediation activities.

Required Skills & Qualifications:

• 3+ years of experience in compliance, risk management, or GRC-related roles.
• Hands-on experience with ISO 27001, ISO 31000, or other relevant ISO standards.
• BS/MS/BE/BTech/MBA in technology-related or information security curriculum
• Strong knowledge of GRC frameworks such as NIST CSF, COBIT, or similar.
• Familiarity with regulatory compliance requirements (e.g., GDPR, HIPAA, SOC 2).
• Proficiency in compliance management tools and platforms.
• Ability to analyse risk and compliance data, identify trends, and make recommendations
• Experience with third-party risk management (TPRM) processes, tools, and methodologies.
• Professional certifications like ISO 27001 LA or LI preferred.
• Detail-oriented, ability to consistently provide high-quality products that are concise, thorough and accurate;
• Strong attention to detail with an analytical mind and outstanding problem-solving skills.
• Good communication and persuasive skills
• Work independently

Disclaimer

This job description is not designed to cover or contain a comprehensive listing of activities,

duties or responsibilities that are required of the employee. Fareportal reserves the right to

change the job duties, responsibilities, expectations or requirements posted here at any time at

the Companys sole discretion, with or without notice.