Manager - GRC - Ahmedabad

Company Overview:

Tribastion Technologies Private Limited is an emerging cybersecurity company headquartered in Ahmedabad, India. We specialize in delivering comprehensive cyber security consulting and managed security services to individuals and organizations.

Our services include proactive threat detection, swift incident response, continuous monitoring, and expertly designed security solutions to protect your digital environment from cyber threats. We cater to the broader cyber landscape, encompassing IT, OT, and Cloud environments.

Our long-term vision is to establish Tribastion as an Indian multinational, recognized globally as the preferred partner for quality cybersecurity solutions.

Experience: 8+ Years

Location: Ahmedabad

Key Responsibilities

• Act as the functional specialist for Cyber Security Risk Management (CSRM):
• Proactively review ADL information security and related risks wrt threats and vulnerabilities, legal and regulatory compliance
• Translate Technical, legal and Regulatory Compliance obligations into a cohesive collection of Security Controls and provides the respective stakeholders with the CSRM requirements and its implementation methodologies.
• Facilitate smooth conduct of Risk Assessment on Applications, Network& Systems, & Regulatory.
• Coordinate in conducting VAPT (Vulnerability Assessment and Penetration Test), Review VAPT results and recommend the risks to be remediated.
• Work with Project Managers, Business Analysts, Architecture and Support Team to ensure ADLs CSRM standards are being followed.
• Incorporate Security in the Software Development Life cycle. Support the Prevent and Validate staff and CSRM in education and awareness of Information security related issues and risks, and influence of behaviors of IT and Business staff as part of mitigating these risks.
• Actively participate in reviewing and improving the Information Security Controls implemented in the organization.
• Active participation in the Assurance and Architecture level discussions in the engagements.
• Serves as CSRM entity for creating Security awareness sessions both scheduled (Induction) and ad-hoc ones.

Requirements

• Good understanding of, and experience with Information Risk Management, Audit (internal and external), and Business (IT) Controls.
• Advanced understanding of internal and external IT security standards, PCI standards and relevant legal compliance aspects like GDPR, Different Privacy Laws, Various compliances like ISO, BS etc.
• Robust understanding of, and solid experiences with the impact of CSRM on application development and operations as well as the IT Infrastructure.
• Ability to interface with different groups (Third parties, Business and IT) internal and external to IT (security) and to network globally across Group businesses, as well as with external groups.
• Technical knowledge & relevant experience in security domains /technologies related to:
• Infrastructure/Network security
• Identity and Access Management
• Business Impact Assessment Knowledge of Data Security Standards: PCI DSS, Privacy Principles, GDPR etc.
• Driving Platform / Application security and compliance as part of Project Engagement.
• Ability to foresee and identify mitigation strategies for Risks Candidate must also:
• Display excellent communicating and influencing skills
• Display analytical and problem solving skills
• Be pro-active and self-motivated
• A qualification in CISA, CRISC or CISM Experience
• Must have previous experience in an (Information/Cyber) Risk Management team.
• Experience with GDPR, Privacy basics will be an added advantage.