Archer/ Risk Compliance & Governance Lead
Location
Bangalore | India
Job description
Role Purpose
The purpose of the role is to lead and manage securityrequirements and recommend specific improvement measures that helpsmaintain the Security posture of organisation
Do
- Lead Risk and Compliance to protect sensitive information
- Drive Risk Management, Regulatory and Contractual compliance
- Diagnose the level of preparedness of the customer for cybersecurity and health and accordingly propose a solution to the client
- Build appropriate risk governance with client partners andinternal stakeholders and ensure customer policies and SOWrequirements are in line with the deliverables
- Govern design and rollout of Common Compliance frameworks
- Ensure policies, processes and standards are in place toidentify, assess, measure, manage and report risks
- Manage the security requirements including regulatoryrequirements as per the customer demands
- Monitor risk controls like access controls, backup, recovery,network security etc as per the client needs
- Act as point of contact for escalations on the risk managementframework and provide guidance / decisions as appropriate
- Act as the Subject Matter expert (SME) on risk for team anddrive actions required to ensure the businesses remain fully compliant
- Responsible for building, developing & maintaining effectiverelationships with Key stakeholders in Client Organisations, especiallyrelated to their Risk functions
- Ensure all required controls are implemented, documented andmonitored so as to ensure full audit compliance
- Coordinate with IT team members to ensure IT audit findings areaddressed in a timely manner
- Monitor overall cyber health of the customer and suggestcorrective measures to cyber security issues and provide timely support
- Team Management
- Team Management
- Clearly define the expectations for the team
- Assign goals for the team, conduct timely performance reviews andprovide constructive feedback to own direct reports
- Guide the team members in acquiring relevant knowledge and developtheir professional competence
- Educate and build awareness in the team in Wipro guidelines onrevenue recognition, pricing strategy, contract terms and RevenueAssurance Manual
- Ensure that the Performance Nxt is followed for the entire team
- Employee Satisfaction and Engagement
- Lead and drive engagement initiatives for the team
- Track team satisfaction scores and identify initiatives to buildengagement within the team
Stakeholder Interaction
Stakeholder Type | Stakeholder Identification | Purpose of Interaction |
Internal | CRS practice team and delivery leadership | Reporting, governance and thought leadership |
IT team | To understand IT systems and audit |
Internal Legal Team | For discussing legal Practices |
External | Customer | For risk assessment |
Display
Lists the competencies required to perform this role effectively:
- Functional Competencies/ Skill
- Domain/Industry Knowledge – Awareness and knowledge ofCorporate IT Security ~ Contractual IT Governance & Compliance ~Data Protection ~ Privacy ~ IT General Controls ~ Internal &External IT Audits ~ Vendor Information Security Assessments ~ ThirdParty IT Security Assessment Programmes & IT Risk Reviews ~ ITConsulting ~ Client Relationship Management ~ Network Solutioning– Expert
- Leveraging Technology – In-depth knowledge of and mastery overecosystem technology that commands expert authority respect – Master
- Technical knowledge – Complete understanding of risk andcompliance audits((ISO27001, SOX, HIPAA, GLBA, PCI DSS, SSAE16 etc.)- Expert
Competency Levels
Foundation
Knowledgeable about the competency requirements. Demonstrates (inparts) frequently with minimal support and guidance.
Competent
Consistently demonstrates the full range of the competency withoutguidance. Extends the competency to difficult and unknown situations aswell.
Expert
Applies the competency in all situations and is serves as a guide toothers as well.
Master
Coaches others and builds organizational capability in the competencyarea. Serves as a key resource for that competency and is recognisedwithin the entire organization.
- Behavioural Competencies
- Strategic perspective
- Technology Acumen
- Communication and Presentation Skills
- Problem Solving approach
- Managing Complexity
- Client centricity
Deliver
No. | Performance Parameter | Measure |
1. | Adherence to established risk and compliance framework | Reported incidents, no. of major security incidents, cost perincident, meeting regulatory requirements, appropriate management ofcustomer impact, mean time to detect (MTTD), mean time to resolve(MTTR), cyber security training |
2. | Disaster recovery | Number of risks identified and mitigated, timely solution to securitybreaches |
GRC Process
Job tags
Salary
