Job Location: Chennai / Hyderabad / Pune
Introduction:
The Information Risk Management (IRM) program encompasses a global team that is responsible for ensuring all security risks pertaining to corporate/support functions are managed end to end. The team is corporate-facing and engages frequently with corporate functional leaders to identify, analyze and mitigate security risks. The team is also the primary touch point between the Corporate Security Groups and other corporate functions, while supporting the organizational security requirements and compliance.
Responsibilities:
Contribute towards the execution of policies, standards and procedures set by enterprise standards and account-specific standards as they apply to Security Governance, Risk, and Compliance requirements from an organizational perspective.
Serve as the subject matter expert within corporate functions for risk management and related activities, as well as for all security matters
Perform periodic Security Risk assessments and conduct related ongoing compliance monitoring activities with corporate standards as well as measure alignment with NIST and ISO27001, etc.
Review security exceptions for the specific corporate function and identify risks
Conduct risk assessments for all service lines of each corporate function and advise the corporate leadership on risk mitigation
Monitor the risk mitigation plans and help bring open risk to closure
Work with internal and external auditors for any third party assessments on corporate functions
Provide periodic updates to the management on compliance efforts
Develop and monitor security metrics for corporate functions
Demonstrate proven expertise and success managing project work streams in a system security, cyber security controls or information security management environment, specifically in the following information security domains:
o Security Architecture and Strategy (Integrated Risk Management)
o Identity & Access Management
o Data Leakage Prevention; Focus on Data Flow, Encryption
o Large Complex Program Execution/Implementation
o Security Function Design and Governance
o Incident Management
o Security Infrastructure
o Cloud Security
Requirements:
Overall Experience-
3 to 12 years
Mandatory Experience-
A four-year college degree in Computer Science or equivalent certification is required.
A minimum of 9+ years of experience in information security including resource management experience
In-depth understanding of network and system security technology and practices across all major computing areas (client/server, Cloud, IoT, IPA, AI, data science) with a special emphasis on Internet-related technology.
A high level of integrity and trust
Focused personality, with a demonstrated ability to take initiative, successfully handle and prioritize multiple competing assignments and effectively manage deadlines
Security certifications desired such as ISO27001 LA/LI, CISA and CRISC etc.
Familiarity and experience implementing Enterprise Risk Management framework
Familiarity with SOC2 & ISO27001 audits and third party risk reviews
Desirable Experience-
Benefits:
Exposure to new processes and technologies.
Competitive salary at par with the best in the industry.
Flexible and employee friendly environment.
What other companies call this role?
IRM Professional
Risk Manager
Risk Analyst
