Risk Compliance and Governance Analyst
Location
Mumbai | India
Job description
Role Purpose
The purpose of the role is to analyse security requirements anddesign security solutions towards
protecting organization’s security assets.
Do
- Analyse Risk and Compliance assurance to protect sensitiveinformation
- Identify Risk and compliance issues at all levels as per theupdates
- Analyse common compliance frameworks and ensurepolicies, processes and standards are in place
- Perform quarterly audit, sample testing and report risks
- Communicate assurance findings to the clients in a timely manner
- Monitor remediation on assurance findings and ensure closure ofall open points
- Ensure all required controls are implemented, documented andmonitored so as to ensure full audit compliance.
- Coordinate with IT team members to ensure IT audit findings areaddressed in a timely manner.
- Provide timely and accurate reporting and documentation tomanagement on all key parameters as needed.
- Perform annual SOC preparedness audit to ensure that system setup are secure and maintain privacy of customer data
- Suggest corrective measures to cyber security issues and providetimely support and future recommendations
Stakeholder Interaction
Stakeholder Type | Stakeholder Identification | Purpose of Interaction |
Internal | CRS practice team | Reporting and updates |
IT team | To understand IT systems and audit |
Internal Legal Team | For discussing legal Practices |
External | Customer | Data analysis and reporting |
Display
Lists the competencies required to perform this role effectively:
- Functional Competencies/ Skill
- Domain/Industry Knowledge – Awareness and knowledge ofCorporate IT Security ~ Contractual IT Governance & Compliance ~Data Protection ~ Privacy ~ IT General Controls ~ Internal &External IT – Expert
- Leveraging Technology – In-depth knowledge of and mastery overecosystem technology that commands expert authority respect – Master
- Technical knowledge – Complete understanding of risk andcompliance audits((ISO27001, SOX, HIPAA, GLBA, PCI DSS, SSAE16 etc.)- Expert
Competency Levels
Foundation
Knowledgeable about the competency requirements. Demonstrates (inparts) frequently with minimal support and guidance.
Competent
Consistently demonstrates the full range of the competency withoutguidance. Extends the competency to difficult and unknown situations aswell.
Expert
Applies the competency in all situations and is serves as a guide toothers as well.
Master
Coaches others and builds organizational capability in the competencyarea. Serves as a key resource for that competency and is recognisedwithin the entire organization.
- Behavioural Competencies
- Strategic perspective
- Technology Acumen
- Communication and Presentation Skills
- Problem Solving approach
- Managing Complexity
- Client centricity
Deliver
No. | Performance Parameter | Measure |
1. | Adherence to established risk and compliance framework | % deviation from audit, release audit scores, closure on auditpoints, cyber health of the organization, audit timelines |
2. | Disaster recovery | Number of risks identified and mitigated, Timely communication to theclient |
GRC Process
Job tags
Salary