Location
Secunderabad | India
Job Description
Level: Full-time

Job Objective
Responsible for independently leading and managing corporate governance and risk management; ensuring compliance with policies, process adherence, and process improvement to achieve Aeries' business objectives of business continuity; and covering risk identification, assessment, quantification, reporting, communication, mitigation, and monitoring of risk events.

Key requirements
- Assisting in the day-to-day operations of the organization's risk and compliance team.
- Liaising with stakeholders in the organization to obtain the necessary inputs vis-à-vis risk registers.
- Creating a robust risk assessment framework for the organization.
- Drafting compliance and risk reports.
- Gather security risk data and perform qualitative and quantitative risk-ranking analysis.
- Analyze security risks using real-world security data and systems automation.
- Frequently document and communicate security risks, collaborating with a range of stakeholders from individual contributors to senior leadership levels.
- Analyze the security of new or existing applications, software, or specialized utility programs in the strategic, functional, operational and financial corporate areas and provide risk recommendations.
- Support strategic and technical initiatives, perform Operational Risk Assessments, manage Risk Acceptance activities, develop risk posture and remediation recommendations.
- Monitor and evaluate security measures to protect against reasonably anticipated threats or hazards to the privacy, security or integrity of protected information.
- Be an integral member of the risk and compliance team to build and maintain strong cross-functional relationships across the company to aid in achieving consensus, expectation setting, training and awareness, and promote consistency and improvement in our processes.
- Contribute to the production and improvement of the content, quality, and timing of security governance, risk and compliance analysis and reporting.
- Own and drive activities related to the remediation of technical security and compliance risks with cross-functional teams, including, but not limited to, leading meetings, working to assign, track work items, and producing reports.
Knowledge
- Advanced knowledge of common security risks, vulnerabilities, and threats, and the ability to shepherd these issues through triage and risk-treatment conversations.
- Validated understanding of relevant information security frameworks, including related regulatory compliance requirements, such as ISO 27001/2 (including ISO 27017 & 18), FedRAMP, SOC 2 Trust Services Criteria, CIS Top 20, PCI DSS, NIST CSF / 800-53, HIPAA.
Skills
- Strong security mindset
- Strong hands-on experience in GRC and risk management
- Developing and implementing enterprise governance, strategy, risk management and remediation solutions
- Questions status quo and navigates through roadblocks
- Security project management and planning
- Defining problems, collecting and analyzing data, establishing facts and drawing valid conclusions
- Using judgment and ingenuity in maintaining objectives and technical standards
Ability
- Self-motivated and able to work on own initiative.
- Professional with a strong work ethic.
- Able to thrive in a highly pressurised and changing environment.
- Diplomatic with the ability to interact successfully with all levels of the business.
- An ability to translate security requirements, risks and standards into easily understood business concepts and vice versa.
Qualifications
- 7+ years of related work experience in Information Security Governance, Risk and Compliance (GRC) or relevant Compliance roles in the tech industry.
- Experience supervising the design and operation of risk & control assessments to target different levels of information (e.g., RCSA vs. a service level assessment).
- Being well versed with the workings of risk registers for business units and client projects.
- Being well versed with issues (operational/regulatory) that impact the risk assessment of a company.
- Experience of handling SOC and ISO audits.
- Ability to operate independently and make decisions without assistance or guidance.
- Knowledge of Information Security risk assessment.
- Experience implementing agile use cases in a GRC technology solution.
- Executive presence: can represent a vision and build consensus across a variety of partners.
- Knows how to estimate work effort and incubate skill sets to achieve team goals.
- Strong knowledge of audit and risk management methodologies, such as SOX, COBIT, NIST RMF / 800-37 / 800-30.
- SaaS and data management industry experience is a plus.
- Professional certifications in Information Security or Risk Management (e.g., CISA, CISM, CRISC, CGEIT, CSX-P, CISSP, CCSK) are a plus.