We are hiring for a Banking subsidiary in India.
Financial Domain (Banking / NBFC experience is desirable).
Manager of Governance, Risk and Compliance.
Location: Juinagar, Navi Mumbai.
Experience: 12+ yrs.
- Education: University degree in the field of Engineering and Technology such as BE/B.Tech, BSc/MSc/BCA/MCA; preferred specialization in Information Security or Cyber Security.
- Certifications: Industry-recognized certification in Cyber Security / Information Security; at least one of (CISSP, CISA, CISM, CRISC) preferred.
Work Experience:
- 12+ years of related experience in information technology Infrastructure, Engineering, Operation, Risk Assessment and Advisory.
- 8+ years of relevant hands-on experience in Cyber / Information Security governance, risk, and compliance management, technical risk management, and risk advisory services.
- Strong knowledge of current and emerging Cyber / Information Security risks, and innovative risk management methods and solutions.
- Ability to collaboratively develop a risk strategy in conjunction with stakeholders.
- Strong analytical thinking, written, and oral communication, and presentation skills.
- Demonstrated knowledge of industry authoritative sources such as COBIT, NIST, SOC2, GDPR, MRC, CCPA, and ISO standards.
- Must have the ability to influence others and work at all management levels across the organizational structure.
- Broad understanding of security and privacy concepts.
- Experience working in the Indian Banking domain.
- Skilled at planning, tracking plans, working across departments to review processes and controls, and gathering and organizing documentation and test results.
- Able to understand contracts and technical documentation and assess them for consistency and alignment with processes and controls outlined in requirements and audit materials.
- Ability to effectively communicate and relate to all levels of the organization.
Industry: Financial Domain (Banking / NBFC experience is desirable).
Responsibilities:
- Directly responsible for policies, procedures, and controls to assure compliance with applicable regulatory, legal and audit requirements as well as good business practices.
- Develop and manage the Cyber/Information Security risk management program, including development, evaluation, and adherence to multiple areas of practice.
- Develop a Risk Management Strategy that identifies and classifies risks, defines appropriate tolerances, prioritizes mitigation activities, and measures risk levels using the CMMI Cyber Maturity / NIST CSF Framework.
- Establish and oversee a formal risk analysis and self-assessment program for various information services, systems, processes and recognized industry standards.
- Identify, assess, manage, and track remediation of risks related to IT infrastructure, applications, platforms, and suppliers and drive explicit requirements and timelines in all environments.
- Develop strong relationships with external audit, key stakeholders, and regulators to ensure risk management oversight is understood, managed appropriately, and current with all standards, guidelines, and regulations that are applicable.
- Liaise with all departments to identify, track, and provide remediation guidance for new projects, services, and/or third-party contracts in terms of information security assurance.
- Oversee highest-risk initiatives and serve as a point of escalation for remediation/mitigation efforts.
- Develop a security compliance strategy and approach and ensure compliance with MRC, SOC2, ISO27001, CCPA, GDPR, local privacy laws, contractual requirements, and globally recognized standards and guidelines.
- Identify regulatory, legislative, and industry-specific compliance requirements and define controls that can be used to meet those requirements.
- Oversee third-party (vendor) assessment standards and privileged user monitoring as a check on critical system access.
- Act as privacy and compliance officer, serve as the intake on security-related inquiries, and coordinate with subject matter experts.
- Build out and maintain existing GRC tools and processes within information security to provide visibility and transparency.
- Perform any other related duties as required or assigned.