Home
Communities
Companies
- Companies
  
  Discover best places to work
- Compare Companies
  
  Compare & find best workplace
- Add Office Photos
  
  Bring your workplace to life
- Add Company Benefits
  
  Highlight your company's perks
Reviews
- Company reviews
  
  Read reviews for 6L+ companies
- Write a review
  
  Rate your former or current company
Salaries
- Browse salaries
  
  Discover salaries for 6L+ companies
- Salary calculator
  
  Calculate your take home salary
- Are you paid fairly?
  
  Check your market value
- Share your salary
  
  Help other jobseekers
- Gratuity calculator
  
  Check your gratuity amount
- HRA calculator
  
  Check how much of your HRA is tax-free
- Salary hike calculator
  
  Check your salary hike
Interviews
- Company interviews
  
  Read interviews for 40K+ companies
- Campus placements
  
  Interviews questions for 2K+ colleges
- Share interview questions
  
  Contribute your interview questions
Jobs
Awards

WINNERS AWAITED!
- ABECA 2025
  
  WINNERS AWAITED!
  
  AmbitionBox Employee Choice Awards - 4th Edition
- ABECA 2024
  
  AmbitionBox Employee Choice Awards - 3rd Edition
- AmbitionBox Best Places to Work 2022
  
  2nd Edition
- AmbitionBox Best Places to Work 2021
  
  1st Edition

For Employers

Add office photos

Employer? Claim Account for FREE

Trendence

Compare

No reviews yet

17 Trendence Jobs

Information Security Engineer - Governance, Risk and Compliance (GRC)

Trendence

2-5 years

Bangalore / Bengaluru

1 vacancy

Trendence

posted 1d ago

Job Role Insights

Key skills for the job

Analytical Chemistry Risk Management Information Security Data Processing Cisa RFP

+ 3 more

Job Description

In this role, you will partake in all GRC, Privacy and Business Continuity initiatives for the organization working with other ISG Functions, relevant stakeholders internally within the organization, and where applicable with external stakeholders. For this, you will handle initiatives such as, but not limited to,

oCyber Security and Privacy Strategy and Strategic Plan
oCyber Security and Privacy Governance Framework
oCyber Security and Privacy benchmarking
oHandling of Cyber Security, Privacy and Business Continuity implementations, maintenance, Audits and Attestations with respective to ISO 27001:2013 / 2022 (ISMS), ISO 27701:2019 (PIMS), ISO 22301:2019 (BCMS), SOC2 Type-2 Attestation, HITRUST Certification Audits, GDPR, Security Councils and Reporting
oProgram Management Office (PgMO)
oCyber Security and Privacy Skill Management
oExternal and Internal Cyber Security and Privacy branding
oThird-Party Risk Management (TPRM)
oMA Cyber Security
oCyber Security and Privacy Regulatory Compliance
oBusiness Continuity Management (BCM) and Cyber Resilience Program

oInculcate Privacy by Design (PbD) as a conscious practice in the organization
oBuilding and institutionalization of relevant Policies, Processes, Procedures and Guidelines in the organization

oClosely work with relevant stakeholders to ensure compliance against Privacy and Data Protection requirements at all times, including incorporating of appropriate Data Processing Agreements (DPAs) covering relevant Fiduciary / Controller / Processor / Sub-Processor relationships as needed and adherence to applicable Regulatory requirements such as, but not limited to, Indian DPDP, EU GDPR, CCPA etc.

oUndertake Privacy Impact Assessments (PIA) / Data Protection Impact Assessment (DPIA) and review any relevant changes which can influence the use, storage or disposal of any form of Personally Identifiable Information (PII) and drive closures of identified gaps / risks to closure without permissible timelines

oAlign and maintain the Privacy Program in line with the Privacy Information Management System (PIMS) basis ISO27701:2019 Standard

oAlign and maintain the BCM in line with the Business Continuity Management System (BCMS) basis ISO 22301:2019 Standard

Work with stakeholders to ensure timely identification, recording and notification to relevant Supervisory Authorities, Clients or other effected parties as well as its resolution, in the event of a relevant, material incident, should it occur
oKeep abreast with the latest happenings on global Privacy Regulations so as to ensure compliance to the same
oHelp the CISO DPO drive the Information Security Council (ISC) through its comprehensive Metrics program and reporting expectations.
oRespond to RFP/Is, review / redline MSA / SoWs, Information Security and Privacy Addendums, Data Protection Addendums (DPA), Client Security questionnaires etc.
oAssist the team in designing, implementing, maintaining and continually improving the Information Security and Privacy culture in the organization so as to ensure a robust and scalable Cyber Security and Privacy program

Knowledge expectations

oYou come with up to 3 years of working experience in Information Security
oYou have a good understand of applying pragmatic Information Security and Privacy controls in leading Standards and Frameworks such as, but not limited to, Information Security Management System (ISO 27001:2022), Privacy Information Management System (ISO 27701:2019), Business Continuity Management System (ISO 22301:2019), NIST Cyber Security Framework (NIST), NIST 800-53, PCI DSS, HIPAA, SSAE-18 SOC1 or SOC2 and SoX controls, ITIL, having been part of various implementations and compliance initiatives on the same
oWorking knowledge of any leading GRC workflow tools (e.g.: OneTrust, RSA Archer, RSAM etc.)
oYou have a good understanding of essential controls in one or more of the following Cloud platforms - Microsoft Azure, Amazon Web Services (AWS), Google Cloud Platform (GCP)
oYou come with experience in assessing applications, systems and processes those handling PII and recommending corrective actions to achieve compliance with relevant Privacy and Data Protection requirements
oYou come with working knowledge of interpretation and control implementations pertaining to Cyber Laws, Privacy and Data Protection Laws as well as relevant decisions / guidance issued by Supervisory Authorities, Courts and Tribunals from time to time in applicable jurisdictions
oYou stay informed on the latest on the dynamic Regulatory landscape which can influence the need to, and the scope of various Information Security and Privacy Controls in the organization

Required education and certifications

oYou are an Engineering graduate, have an equivalent or higher education
oYou have acquired one or more of the following certifications - CISSP, CRISC, CISM, CISA, CIPP, CIPM, FIP, CDPSE, ISO 27001:2013 / 2022 Lead Implementer / Auditor, ISO 27701:2019 Lead Implementer / Auditor, ISO 22301:2019 Certifications

Skill expectations and others

oYou have great attention to detail, strong communication and collaboration skills
oYou come with a mix of technical, analytical and problem-solving skills
oYou come with a mindset of helping improve the Privacy Program at all times
oYou are an avid learner which you continuously look at imbibing and applying on the job
oYou are a self-starter, a go getter and an innovative thinker with a positive attitude