Lead - Information Security (GRC)

Position Overview:

The role will be focused on security compliance management practice within the organization as individual contributor. The individual would participate in identify the gap and initiate a process to deter, detect and mitigate risks, including tools and process to monitor and audit information, draft & articulate information security policies, assess personnel security information, lead employee awareness, driving assurance test and supporting internal and external audits. Collaborate with cross functional stakeholders to ensure balance is maintained with compliance to deliver the best security solution within the contractual, regulatory and Room To Read standard framework. This position will report to Senior Director, Global Technology.

Duties & Responsibilities:

• Functional experience in domain of IT security Governance, Risk and Compliance Management.
• Identify the security gap across sub domain of technology (application, cloud, IT service, Helpdesk) and work closely with country officers to detailed assessments.
• Experience in drafting and articulating Information and Cyber Security Policy, providing advice and support to the management and information users in the implementation of Information and Cyber Security Policies.
• Working with IT function in identifying, developing, implementing, and maintaining processes across the enterprise (Cloud, Network, On-prem infrastructure, etc) to reduce information and information technology (IT) risks.
• Experience in implementing & maintaining standards like ISO 27001, BCMS, NIST, PCI DSS etc.
• A solid understanding of IT control frameworks and IT Governance, Risk and Compliance (GRC) with regards to SOC2 type I and type II.
• Working knowledge of overall risk management process that is conducting/participating on internal/external risk assessments and remediation process.
• Experience across multiple Information Security domain i.e., IT Regulatory/policy Compliance, IS Governance, Risk Management, IT Infrastructure Security.
• Working experience in end-to-end risk remediation planning, resolution and monitoring activities, including Technology Continuity Management planning and testing activities.
• Collaborate with senior business and IT Services leaders to resolve challenging risk matters.
• Finding and correcting end to end IT security risk associated with vendor, donors, and other external stakeholders.
• Experience in identifying, evaluation and managing application security risk.

Qualifications and Desired Skills

• 5 to 7 years of relevant experience working in IT Security & GRC in multiple capacities.
• Bachelors in IT, Computer Science, Cyber Security, or equivalent experience required.
• Certification like ISO 27001, CISA, CRISC, CISM etc. would be an added advantage.
• Understanding of Cloud security standard e.g. Azure/AWS/GCP
• Excellent written and spoken English.
• Detail oriented with excellent research, analytical and critical thinking skills.
• Strong documentation, oral and written communications, and interpersonal skills.
• The ability to work both independently and as part of a team.