335 SAP Security and GRC Jobs

We are looking for IT & IS Governance personal in our Information Security Team.

• Pivotal role in ensuring the effective governance, control testing framework, risk management and compliance of the organization's information security and technology infrastructure.
• Timely responses / compliance towards any advisories received from RBI and other applicable regulatory bodies.
• Sound knowledge of applicable RBI regulations/ circulars to NBFC business and its compliance adherence practices.
• Ensure efforts to establish and maintain robust IT governance frameworks, control testing, policies, and procedures, ensuring alignment with industry best practices, and regulatory requirements.

Roles & Responsibilities:

1. Compliance Assurance:

• Ensure compliance with relevant laws, regulations, and industry standards, be updated with the new/ changes in compliance requirements. Ensure required compliance within IS & IT team.
• Ensure timely response/ compliance to advisories/ questionnaires received from RBI and other applicable regulatory bodies.
• Collaborate and work along with business, legal and compliance teams to address regulatory/ compliance requirements.

2. Governance Framework:

• Ensure adherence towards implementation of comprehensive IT & IS governance, testing control frameworks to guide decision-making processes.
• Help drive the Governance activities across the Technology estate of the organization. Key areas of focus would be timely response towards advisories/ compliance towards RBI, CERT-In advisories/ guidelines, Control Testing & Assessment framework, Change Management, Vulnerability & Patch Management, Obsolescence, Asset Management, BCP-DR, Training awareness, TPRA etc.
• Ensure alignment with organizational objectives, industry standards, and regulatory requirements. (Example: RBI, SEBI, CERT-IN, etc.)

3. Policy Enforcement:

• Enforcement and monitoring of adherence to IT policies and procedures - covering areas such as information security, cyber security, data privacy & security controls, data classification, BCP-DR and IT Risk Management etc.
• Regularly assess the implementation of policies/procedures to address emerging threats and technology trends.

4. Risk Management:

• Help identification and evaluation of IT/IS related risks.
• Assist the information security function in developing and maintaining the security and risk management program, including risk analysis and tracking process.
• Help in implementation of risk mitigation strategies and monitor the effectiveness of risk controls.
• Prepare dashboard for the management on periodic basis.
• Review and track IT & IS exceptions, risks and exceptions and prepare dashboard for the management.

5. Control Testing and Assessment:

• Design, plan and execute control testing activities to evaluate effectiveness of process/procedures as outlined by the organization.
• Coordinate with internal teams to perform walkthroughs and document control processes to understand the design and implementation of the organizations controls related to IS & IT requirements.
• Clearly communicate detailed test plans, testing methodology and report on the control performance.
• Validate remediation of identified control deficiencies and report gaps to the stakeholders and follow-up for closure.

6. Audit and Assurance:

• Coordinate with internal, external, RBI auditors related to IS & IT requirements.
• Ensure timely submission of the artefacts/ evidences basis requirements.
• Tracking, reporting and ensure compliance of observations/gaps raised by the auditors.

7. Training and Awareness:

• Develop and deliver training programs to enhance IT & IS governance awareness across the organization.
• Foster a culture of cybersecurity and compliance among staff.

8. Management Presentation:

• Liaising with various internal stakeholders for preparing decks for various Board level committees.
• Tracking of actionable items from various committees of the organisation and ensure compliance/ logical closure for the same.

Qualification:

• Bachelor's degree in Information Technology, Computer Science, or a related field. Master's degree or relevant certifications (e.g., CISM, CRISC) is a plus.

Must have knowledge of areas as outlined, but not limited to:

• Information Security (Confidentiality, Integrity, Availability and Privacy)
• Strong understanding of IT and operational controls
• Security Testing (White box, Black box and Code review)
• Application architecture, application security, network security In-depth knowledge of relevant laws, regulations, and industry standards.
• Applicable RBI regulations/ circulars to NBFC business and its compliance adherence practices.
• Should have good understanding of ISO 27001 ISMS, NIST Cybersecurity Framework, ISO 22301, GDPR, DPDP Act 2023 etc.
• Strong understanding of risk management principles and methodologies.
• Excellent interpersonal and communication skills.
• Ability to collaborate effectively with cross-functional teams.