EXL IT service management
Location
Noida | India
Job description
Lead Cyber Risk and Controls portfolio of EXL's Cyber Security, Governance, Risk and Compliance through building, managing, and supporting the Risk Management capabilities of the organization to elevate and accelerate cyber maturity. The role shall focus on helping enterprise and business teams to design and implement transformational risk and controls programs to reduce and manage persistent cyber security threats. To be successful in this role, the individual should be an experienced Cyber Security professional who needs to stay on top of the threat and risk landscape, the regulatory environment, our business strategies, emerging technologies (including GEN AI) and how new technologies and ways of working alter our risk and control posture. Responsibilities include but are not limited to:
- Lead effective functioning of Cyber Security Risk Management function
- Drive our agenda to continuously improve our risk management capabilities
- Ensure effective IT and OT security risk management framework is in place to identify, measure, mitigate, monitor and report the risks to which it is or might be exposed to in day-to-day business activities
- Promote sound and effective risk management and an appropriate risk management culture at all levels through active participation in the organization's governance and management framework along with appropriate education and training of employees
- Define, develop and build upon the policies, processes, procedures, controls and governance for integrated security risk management in the organization
- Communicate comprehensive and timely information on material risks along-with (potential) exposure to management on an ongoing basis
- Enable the management to understand the overall risk profile of the organization by conducting periodic risk assessment using quantitative and qualitative techniques to identify organization risk. Developing remediation plans and roadmaps to address it.
- Ensure operational risk management, third party related risks, supply chain risks under the risk management framework and are conducted periodically for business engagements and Crown Jewels
- Ensure that the Cyber Security Risk function is kept up to date with all necessary developments in the external regulatory environment with respect to risk management and to evaluate ways to adopt best practices
- Proactively identify improvement opportunities and drive initiatives that will enhance the overall Cyber maturity and security posture of the organization
- Review new business solutions from the angle of inherent and control risks
- Understand the risk in context to the business/enterprise operating environment, security threat landscape and provide strategic and operational advice to colleagues in the area of security risk management
- Provide oversight to the Client Business Security, RFI/RFP clients and participate in operational and technical presentations and discussions
- Work closely with security operations, data protection and BCM teams to create and publish risk advisory for executive management
- Partner with functional teams to work on Cyber capabilities/solutions, proof of concepts
This is a high visibility role and requires a strong risk management acumen with outstanding stakeholder management skills.
Technical Skills:
- Broad technical knowledge of and experience with IT security, Zero Trust Architecture, Risk Management, Value At Risk, Defense in Depth, Compliance frameworks, Cloud computing, Industry standards and frameworks
- Understanding of security requirements, contributions to security design and hands-on implementation of multiple security technologies and capabilities
- Hands on experience working with stakeholders in identifying, prioritizing and developing plans and roadmaps for cybersecurity programs
- Demonstrates expertise to deliver functional and technical solutions on moderately complex engagements
Process Specific Skills:
- Knowledge of latest cybersecurity trends & global industry best practices
- Broad domain knowledge and strong understanding of four or more cyber security domains including (but not limited to):
- Cyber risk strategy
- Cyber risk program management and delivery
- Third party risk management
- Cloud security
- Cybersecurity operations
- Security architecture
- Data protection
- Application security/SDLC
- Cyber Threat Intelligence
- Incident Response
- Cyber Resilience
Soft skills (Minimum):
- Operates independently to provide quality work products to an engagement
- Vendor/Partner management
- Effective oral, written, interpersonal communication skills and presentation skills
- Ability to influence and guide both customers and internal stakeholders around business and technical risk mitigation strategies
- Decision making and communication
- Risk management skills
- Business Acumen
- Strong collaboration with global teams
- Strong presentation and communication skills
- Operational experience in a Global-multi-Industry-Regulated-Growth business environment
- Knowledge of Advanced Cyber Security Capabilities in the Industry
- Cyber Risk Management mindset
- Self-Started & Sense of Purpose
- Experience in interacting with Senior leaders
Job tags
Salary
