Manager - IT GRC (PC-DSS mandatory)

Role & responsibilities

• Design and implement Cyber Security Audit framework, processes and standards
• Directly responsible for policies, procedures, and controls to assure compliance with applicable regulatory, legal and audit requirements as well as good business practices.
• Establish and oversee formal risk analysis and self-assessments program for various information services, systems, processes and recognized industry standards.
• Identify, assess, manage, and track remediation of risks related to IT infrastructure, applications, platforms, and suppliers and drive explicit requirements and timelines in all environments.
• Develop strong relationships with external audit, key stakeholders, and regulators to ensure risk management oversight is understood, managed appropriately, and current with all standards, guidelines, and regulations that are applicable.
• Oversee third party (Vendor) assessment standards and privileged user monitoring as a check on critical system access.
• Process framework for off-site and on-site Security audits and continuous improvement of processes
• Interface with respective business department to carry out risk assessments, audit schedule preparation and test plan documentation
• MIS reports on audit projects to Senior management.

Preferred candidate profile

• Relevant years of experience in IT/Information Security Audits and IT Security Risk assessment services, preferred from banking/NBFC industry.
• Relevant experience in Cyber / Information security governance, risk, and compliance management and technical risk management as well as risk advisory services related hands on experience Knowledge of ISO27001: 2022 standards, have been part or handled the ISO certification project.
• Should have understanding of ISMS policy & procedure and contributed in document the ISMS policy
• Strong working experience in regulatory guidelines compliance management & compliance metrics
• Experience in conducting and handling internal & external IT audits and closer of IT audit findings
• Good Knowledge of cyber security posture and experience in working with cyber security team.
• Experience in Information Security Incident Management and Information Security Awareness Training will be an added advantage
• Experience in Banking & NBFC will be preferred
• Work experience on Risk management and vendor management
• Must have experience in people management and performance evaluation
• Strong interpersonal, Organizational and communication skills.
• Excellent written, oral communication and presentation skills.