Location
Bangalore | India
Job description
Security Engineer – GRC.
Position Description
The Cybersecurity GRC team are cybersecurity experts, problem solvers, insight and solution generators, and trusted compliance advisors to the business. We leverage our risk, information security and control expertise to support risk management, Cybersecurity, Regulatory Compliance and to drive continuous process improvements and cost savings. We also partner with various parts of the business (Brand, Product, Technology, and Finance, to name a few) and engage in open dialogue to tap into the creativity of our people and action innovative solutions. A day in the life:
• Support a culture of risk management, risk and control visibility with measurable risk reduction and effective reporting and governance of risk reduction activities.
• Partner with the Lead to establish a Technology Risk Management methodology by adopting NIST RMF (SP800-37), CIS v8 Top 18, COBIT 2019, CSA CCM / CSA STAR registry or ISO 31000:2018 frameworks.
• Participate in performing Technology Risk Assessments of all new projects and technology implementations.
• Determine information security risk profiles for various systems, assets, data etc., using knowledge of lululemon policy, frameworks, standards and relevant industry best practices.
• Develops, updates, establish new policy and review existing risk management policy & standards.
• Ability to characterize the system, identify threats / vulnerabilities, control deficiencies, likelihood determination, impact analysis, risk levels, compensatory control recommendation and results documentation.
• Support and conduct context eshtablishment, risk identification, risk analysis, evaluation, treatment, documentation, communication as well as periodic monitoring / risk re-reviews.
• Escalate security risk exceptions, threats, vulnerabilities, quality, performance, gaps, change control and delivery issues as required..
• Ability to lead stakeholder management, risk communication, risk reviews, driving risk acceptance and risk treatment activities
• Execute automation in applying GRC work flows, tracking risk life-cycle, engaging stakeholders, monitoring and reporting risks
• Collaborates with other members of the Policy, Technology Security & Risk Assessment team on complex matters.
• Identifies needs, develops and implements technology-related continuous improvement initiatives for the department. Qualifications:
• Bachelor’s degree (preferably Management Information Systems). At least one of the following professional certifications: CISA, CRISC, or ISO27001 LA
• Minimum 4 - 6 years Technology risk management experience or a combination of Cybersecurity-GRC and information security experience
• Knowledge/experience with data security and privacy regulations (e.g. NIST CSF, ISO 27001, PCI DSS, GDPR).
• Effective communication and relationship-building skills, a natural affinity for being curious and inquisitive, and an ability to work with ambiguity, analyze situations and problem solve. Must haves:
• Acknowledges the presence of choice in every moment and takes personal responsibility for their life.
• Possesses an entrepreneurial spirit and continuously innovates to achieve great results.
• Communicates with honesty and kindness, and creates the space for others to do the same.
• Leads with courage, knowing the possibility of greatness is bigger than the fear of failure.
• Fosters connection by putting people first and building trusting relationships.
• Integrates fun and joy as a way of being and working, aka doesn’t take themselves too seriously.
Your future duties and responsibilities
Required qualifications to be successful in this role
Insights you can act on While technology is at the heart of our clients’ digital transformation, we understand that people are at the heart of business success.
When you join CGI, you become a trusted advisor, collaborating with colleagues and clients to bring forward actionable insights that deliver meaningful and sustainable outcomes. We call our employees “members” because they are CGI shareholders and owners, and, as owners, we enjoy working and growing together to build a company we are proud of. This has been our Dream since 1976, and it has brought us to where we are today—one of the world’s largest independent providers of IT and business consulting services.
At CGI, we recognize the richness that diversity brings. We strive to create a work culture where everyone belongs, and we collaborate with clients in building more inclusive communities. As an equal opportunity employer, we empower all our members to succeed and grow. If you require an accommodation at any point during the recruitment process, please let us know. We will be happy to assist.
Ready to become part of our success story? Join CGI—where your ideas and actions make a difference.
Job tags
Salary