Manager - Risk & Compliance - IT
- Should have minimum degree in Engineering or Science.
- Thorough knowledge of information security guidelines such as ISO 27001:2013, ISO 22301, ICH, GxP, IT Act, etc., and the ITIL framework.
- Experienced in drafting policies and procedures.
- Have a good understanding of industry best practices and regulatory requirements: ISO27001, ISO20000, COBIT, PCI, etc.
- Relevant IT security certifications (CISA, CISM, CISSP, ISO27001 LA, ISO22301 LA, ISO20000 LA, COBIT, etc.) preferred.
- Should have participated in a minimum of two ISO 27001 certification processes.
- Ensure organisational compliance with corporate information security policy, procedures, applicable laws and regulations by conducting audits and monitoring.
- Conduct information security meetings to keep management updated on currently identified risks and mitigation plans.
- Ensure the account remains green on Issues, Patches, Security Health Checks, User ID primary / secondary controls and driving these items before they become overdue.
- Engage and take ownership for implementation of global initiatives in the controls / compliance areas and ensure that the initiatives are implemented on time.
- Review the KPIs with the Compliance team members and suggest process changes.
- Provide pre-audit and post-audit support for both internal audits and external audits.
- Facilitate / drive Root Cause Analysis (RCA), identification of corrective and preventive actions, and follow-up for closure.
- Responsible and accountable for ensuring smooth audit, security and compliance functions.
- Liaison between the parent organization IT team and the client IT Risk team/PMO.
- Ensure tracking of software utilization within the account.
- Perform annual risk reviews and update the status of risks to the management.
- Compliance and Security Lead will assume responsibilities for risk, compliance and regulatory activities within an account.
- The candidate must have a firm understanding of account risk and compliance standards, policies, tools and technology, and be able to nurture, motivate, and retain a strong bench of risk, security and compliance skills and talent.
- The candidate must also be able to passionately communicate about risk, compliance and security innovation, and delivery excellence to multiple levels of management including external clients as required.
- Lead different kinds of compliance and audit testing, deep dives, reviews and activities.
- Lead compliance-related projects and initiatives as assigned.
- Provide early warnings on potential non-compliances.
- Review / verify the health of critical processes such as Health Check, Patch Management, User ID and Shared ID management.
- Perform gap analysis and drive action plans to ensure the account is compliant and audit ready.