Job Description

:

Role Purpose

The purpose of the role is to lead and manage securityrequirements and recommend specific improvement measures that helpsmaintain the Security posture of organisation

Do

• Lead Risk and Compliance to protect sensitive information
• Drive Risk Management, Regulatory and Contractual compliance
• Diagnose the level of preparedness of the customer for cybersecurity and health and accordingly propose a solution to the client
• Build appropriate risk governance with client partners andinternal stakeholders and ensure customer policies and SOWrequirements are in line with the deliverables
• Govern design and rollout of Common Compliance frameworks
• Ensure policies, processes and standards are in place toidentify, assess, measure, manage and report risks
• Manage the security requirements including regulatoryrequirements as per the customer demands
• Monitor risk controls like access controls, backup, recovery,network security etc as per the client needs
• Act as point of contact for escalations on the risk managementframework and provide guidance / decisions as appropriate
• Act as the Subject Matter expert (SME) on risk for team anddrive actions required to ensure the businesses remain fully compliant
• Responsible for building, developing & maintaining effectiverelationships with Key stakeholders in Client Organisations, especiallyrelated to their Risk functions
• Ensure all required controls are implemented, documented andmonitored so as to ensure full audit compliance
• Coordinate with IT team members to ensure IT audit findings areaddressed in a timely manner
• Monitor overall cyber health of the customer and suggestcorrective measures to cyber security issues and provide timely support
• Team Management
• Team Management
• Clearly define the expectations for the team
• Assign goals for the team, conduct timely performance reviews andprovide constructive feedback to own direct reports

• Guide the team members in acquiring relevant knowledge and developtheir professional competence
• Educate and build awareness in the team in Wipro guidelines onrevenue recognition, pricing strategy, contract terms and RevenueAssurance Manual
• Ensure that the Performance Nxt is followed for the entire team
• Employee Satisfaction and Engagement
• Lead and drive engagement initiatives for the team
• Track team satisfaction scores and identify initiatives to buildengagement within the team

Stakeholder Interaction

Stakeholder Type

Stakeholder Identification

Purpose of Interaction

Internal

CRS practice team and delivery leadership

Reporting, governance and thought leadership

IT team

To understand IT systems and audit

Internal Legal Team

For discussing legal Practices

External

Customer

For risk assessment

Display

Lists the competencies required to perform this role effectively:

• Functional Competencies/ Skill

• Domain/Industry Knowledge \xe2\x80\x93 Awareness and knowledge ofCorporate IT Security ~ Contractual IT Governance & Compliance ~Data Protection ~ Privacy ~ IT General Controls ~ Internal &External IT Audits ~ Vendor Information Security Assessments ~ ThirdParty IT Security Assessment Programmes & IT Risk Reviews ~ ITConsulting ~ Client Relationship Management ~ Network Solutioning\xe2\x80\x93 Expert
• Leveraging Technology \xe2\x80\x93 In-depth knowledge of and mastery overecosystem technology that commands expert authority respect \xe2\x80\x93Master
• Technical knowledge \xe2\x80\x93 Complete understanding of risk andcompliance audits((ISO27001, SOX, HIPAA, GLBA, PCI DSS, SSAE16 etc.)- Expert

Competency Levels

Foundation

Knowledgeable about the competency requirements. Demonstrates (inparts) frequently with minimal support and guidance.

Competent

Consistently demonstrates the full range of the competency withoutguidance. Extends the competency to difficult and unknown situations aswell.

Expert

Applies the competency in all situations and is serves as a guide toothers as well.

Master

Coaches others and builds organizational capability in the competencyarea. Serves as a key resource for that competency and is recognisedwithin the entire organization.

• Behavioural Competencies

• Strategic perspective
• Technology Acumen
• Communication and Presentation Skills
• Problem Solving approach
• Managing Complexity
• Client centricity

Deliver

No.

Performance Parameter

Measure

1.

Adherence to established risk and compliance framework

Reported incidents, no. of major security incidents, cost perincident, meeting regulatory requirements, appropriate management ofcustomer impact, mean time to detect (MTTD), mean time to resolve(MTTR), cyber security training

2.

Disaster recovery

Number of risks identified and mitigated, timely solution to securitybreaches

Institutional Compliance

Wipro