1. Ensure all IT Infrastructure & Cloud information security and cyber security policies, procedures
and guidelines are reviewed and updated in a timely manner and exceptions to those are
handled appropriately.
2. The ideal candidate will collaborate with internal stakeholders and external auditors to manage
Information Security and compliance risks.
3. Assess the efficacy of security controls, document and report control failures and gaps to
stakeholders, provide remediation guidance and prepare management reports to track
remediation activities.
4. Implement security controls and a risk assessment framework and program that align with best
practices and regulatory requirements.
5. Develop relevant metrics, analyze data, identify trends and help drive improvements to the
control environment.
6. Ensure key information security risks and issues are identified, addressed and resolved in a
timely manner.
7. Ensure risk acceptances are documented, tracked, followed up until closure and renewed
whenever required.
8. Execute routine compliance reviews and reporting for the ITS operational landscape (e.g.,
applications, networks, cloud platforms, OS, databases), gauging conformity with company
policies, standards, and pertinent regulations.
9. Drive the security awareness program across the organization. Ensure awareness activities are
handled appropriately, including but not limited to creating content, helping to design the
content and broadcasting it to relevant parties in a timely manner after approval.
10. Assist in ISO certification maintenance activities and in activities for migration to a new
standard, as per organization requirements.
11. Be well versed in well-known security frameworks such as ISO 27001, ISO 22301, NIST and COBIT.
12. Collaborate closely with Central Risk Management, Procurement, Internal Audit, and Legal
divisions to derive compliance benchmarks from legislative mandates and corporate objectives.
13. Lead the execution and reporting of outcomes derived from Third Party Risk Assessments.
14. Play a vital role in enhancing the GRC function, leveraging a comprehensive understanding of
modern technology governance, risk & compliance management methodologies.
15. Act as the first point of contact for IT auditors (internal and external).
16. Collect and manage evidence in a single repository.
17. Conduct internal ad-hoc audits of IT processes and controls.