Infosec Governance Risk and Compliance Manager

Job Description - Infosec Governance, Risk and Compliance Manager

Position - Information Security Compliance Specialist

Grade / Level - Manager / Sr. Manager

Reporting To - Lead Infosec Compliance

Employment Type - Employee - Full Time

Work Location Guwahati

Key Focus Area - Information Security Compliance

Key Responsibilities:

1.Identify, measure & report Security Compliance performance against organisational internal and external security compliance requirements

2. Conduct Cyber Security internal process and technical assessments and audits periodically against different policies and standards.

3. Track and drive closure of finding and publish the compliance status dashboard for management review

4. Provide support in compliance management and certification like ISO, SOC2, PCI-DSS, Cloud Security etc and periodic annual security assessments

5.Conduct Cyber security audits, risk assessments on internal business units/Sub-Sideris /suppliers/third parties to ensure security and compliance controls are implemented as per company policy and contractual requirements and effectiveness is measured, reported and governed.

6.Support annual audit activity carried out by group corporate internal audit teams to maintain group corporate reporting requirements on controls relevant to security, availability, processing integrity, and confidentiality.

7.Frontend external audits conducted by regulatory bodies & customers by working closely with internal teams for preparation and driving the remediation activities.

8. Improve methods of capturing and presenting status of key compliance requirements to provide leadership with clear, concise data to enable appropriate decision making.

9.Plan and orchestrate compliance review meetings with stake holders at various levels to drive continuous improvements.

9.Report and prepare presentation on the levels of security compliance risk and control effectiveness to key stakeholders and senior management.

10.Monitor the ongoing status of compliance remediation activities for identified risks and internal and external audit/compliance requirements.

Qualification:

• B. E / B. Tech in Computer Science or Information Technology with good academics (minimum 60% without any gap)
• Should be certified with ISO27001 lead auditor and CISA - Certified Information Security Auditor. Possession of other certification like CISM, CISSP, ISO22301, ISO27701, ISO27017, ISO27018, Cloud security etc will be an added advantage

Work Experience:

• 05-10 Years of experience (minimum 5+ years’ experience in IT Security, Governance Risk and Compliance, Audits etc)