AVP and Head of Governance, Risk & Compliance

MH, IN, India

Job Description

AVP and Head of Governance, Risk & Compliance




Work Experience


20-23 years of related experience in information technology infrastructure, engineering, operations, risk assessment, and advisory.

10-12 years of relevant hands-on experience in Cyber / Information security governance, risk, and compliance management, technical risk management, and risk advisory services.

Experience with Cyber / Information Security Policy, standards, and controls definition.

Strong knowledge of current and emerging Cyber / Information Security risks, and innovative risk management methods and solutions.

Ability to collaboratively develop a risk strategy in conjunction with stakeholders.

Strong analytical thinking, written, and oral communication, and presentation skills.

Demonstrated knowledge of industry authoritative sources such as COBIT, NIST, SOC2, GDPR, MRC, and ISO standards (ISO 27001, ISO 22301).

Must have the ability to influence others and work at all management levels across the organizational structure.

Broad understanding of security and privacy concepts.

Experience working in the Indian Banking domain.

Skilled at planning, tracking plans, working across departments to review processes and controls, and gathering and organizing documentation and test results.

Able to understand contracts and technical documentation and assess them for consistency and alignment with the processes and controls outlined in requirements and audit materials.

Ability to effectively communicate and relate to all levels of the organization.



Industry


Financial Domain (Banking / NBFC experience is desirable)




Responsibilities


Directly responsible for policies, procedures, and controls to assure compliance with applicable regulatory, legal and audit requirements as well as good business practices.

Develop and manage Cyber/Information security risk management program including development, evaluation, and adherence to multiple areas of practice.

Develop a Risk Management Strategy that identifies and classifies risks, defines appropriate tolerances, prioritizes mitigation activities, and measures risk levels using the CMMI Cyber Maturity / NIST CSF Framework.

Establish and oversee a formal risk analysis and self-assessment program for various information services, systems, processes, and recognized industry standards.

Identify, assess, manage, and track remediation of risks related to IT infrastructure, applications, platforms, and suppliers and drive explicit requirements and timelines in all environments.

Develop strong relationships with external audit, key stakeholders, and regulators to ensure risk management oversight is understood, managed appropriately, and current with all standards, guidelines, and regulations that are applicable.

Liaise with all departments to identify, track, and provide remediation guidance for new projects, services, and/or third-party contracts in terms of information security assurance.

Oversee high risk initiatives and serve as a point of escalation for remediation/mitigation efforts.

Develop a security compliance strategy and approach and ensure compliance with ISO 27001 (ISMS), ISO 22301 (BCMS), RBI Master Directions, local cyber security & privacy laws (DPDP), contractual requirements, and globally recognized standards and guidelines.

Identify regulatory, legislative, and industry-specific compliance requirements and define controls that can be used to meet those requirements.

Oversee third party (Vendor) assessment standards and privileged user monitoring as a check on critical system access.

Coordinate a team which serves as the intake for security-related inquiries and coordinate with subject matter experts.

Build out and maintain existing GRC tools and processes within information security to provide visibility and transparency.

Perform any other related duties as required or assigned.



Certifications


Industry-recognized certification in Cyber Security / Information Security: at least one of CISSP, CISA, CISM, or CRISC preferred.




Education


University degree in the field of Engineering and Technology, such as BE/B.Tech or BSc/MSc/BCA/MCA. Specialization in Information Security or Cyber Security preferred.




Employment Type


* All positions are on a fixed-term contract on a full-time basis exclusively for ReBIT, initially for a period of five years, extendable by mutual consent.



Job Detail

  • Job Id: JD5028692
  • Industry: Not mentioned
  • Total Positions: 1
  • Job Type: Full Time
  • Salary: Not mentioned
  • Employment Status: Permanent
  • Job Location: MH, IN, India
  • Education: Not mentioned
  • Experience: Year