Security Lit - GRC Specialist - IT Infrastructure (4-5 yrs)

Role Description :

We are seeking a seasoned IT Governance, Risk, and Compliance (GRC) Specialist with 4 to 5 years of experience and specialized expertise in data privacy to join our team.

This critical role will be responsible for ensuring our organization's IT systems comply with regulatory standards and internal policies, with a strong emphasis on data privacy and protection.

The ideal candidate will be a proactive and detail-oriented individual with a proven track record in risk assessment, compliance management, and data privacy strategy development.

Key Responsibilities :

Risk Management and Compliance :

- Conduct comprehensive IT risk assessments, including identifying, analyzing, and evaluating potential risks to IT systems and data.

- Perform vendor audits to ensure third-party compliance with security and privacy requirements.

- Develop and implement risk mitigation strategies and remediation plans.

- Stay abreast of evolving IT and data privacy regulations, including DPDPA, GDPR, CCPA, and other relevant frameworks.

- Maintain and update the organization's risk register.

Data Privacy and Protection :

- Develop, maintain, and enforce data privacy policies and procedures in line with applicable regulations.

- Ensure organizational adherence to data privacy laws and best practices.

- Conduct Data Protection Impact Assessments (DPIAs) for new projects and systems.

- Manage data breach response and notification procedures.

- Oversee data subject requests and ensure timely responses.

Policy Development and Implementation :

- Create, review, and revise IT GRC policies, procedures, and standards.

- Collaborate with cross-functional teams to ensure effective policy implementation and adoption.

- Develop and deliver training programs to educate staff on compliance and data privacy practices.

End-User Awareness and Training :

- Develop engaging content (e.g, flyers, newsletters, presentations) for regular communication to employees on security and privacy topics.

- Design and administer regular information security quizzes to assess employee awareness.

- Conduct online user awareness sessions on information security and data privacy best practices.

Stakeholder Communication :

- Effectively communicate IT GRC and data privacy standards, requirements, and updates to stakeholders at all levels.

- Prepare and present compliance reports for management and regulatory bodies.

- Act as a liaison with external auditors and regulatory agencies during audits and examinations.

Technical Skills :

- Strong understanding of IT GRC frameworks and standards (e.g, NIST, ISO 27001, COBIT).

- Deep knowledge of data privacy regulations and best practices (e.g, DPDPA, GDPR, CCPA, HIPAA).

- Experience with risk assessment methodologies and tools.

- Proficiency in data privacy management tools and technologies.

- Familiarity with cybersecurity technologies and best practices.

- Experience with audit management and compliance reporting.

- Strong understanding of IT infrastructure and security concepts.

- Proficiency in Microsoft Office Suite (Word, Excel, PowerPoint).

Qualifications :

- Bachelor's degree in IT, Computer Science, or a related field.

- 4 to 5 years of experience in IT GRC and data privacy roles.

- Relevant certifications such as CISA, CISSP, CIPP/E, CIPM, or similar are strongly preferred.

Preferred Qualifications :

- Master's degree in a related field.

- Experience with specific GRC platforms (e.g , Archer, MetricStream).

- Experience in a regulated industry (e.g , finance, healthcare)