Title : Asst Manager / Manager
Department : Risk and Compliance
Experience : 7+ years
Reports to : AVP
The ideal candidate should be well versed in risk and compliance strategy, execution, deployment and improvement initiatives, and able to create strategy and processes for Information Security and Risk Management.
Responsibilities and duties:
1. Develops, initiates, maintains, and revises policies and procedures for the general operation of the Compliance Program and its related activities to prevent illegal, unethical, or improper conduct. Manages day-to-day operation of the Program.
2. Provide strong central oversight to deliver consistency and quality in compliance work across all Information Security, IT and related functions.
3. Conduct independent evaluations of Security and compliance control processes.
4. Communicate governance and compliance objectives to ensure an appropriate compliance and risk aware culture.
5. Design, control and monitor the required framework for IT Security Governance, risk and compliance.
6. Ensures compliance to ISO 27001, SOC 1/SOC 2, Privacy controls and various project security requirements.
7. Ensure there is continuous improvement of internal control framework including the integration of multiple compliance requirements.
8. Work with other IT Managers, internal Audit and external Audit teams to develop continuous monitoring and technology enabled audit techniques.
9. Establish, monitor, and report on relevant performance metrics and applicable Security compliance metrics.
10. Develop and maintain processes, policies, standards, and procedures to assess, oversee, escalate, remediate and report on IT Security risk issues.
11. Proactively work with compliance, internal audit, and risk management functions as well as various technology teams and business partners in the design and implementation of IT risk assessment practices.
12. Vendor Management and co-ordination for implementation of various solutions.
13. Participate in the creation and regular review of enterprise security documents (policies, standards, baselines, guidelines and procedures)
14. Conducts periodic Vulnerability Assessments and Penetration Tests
15. Participate in the planning and design of enterprise Business Continuity and Disaster Recovery Plans
Required Candidate profile
1. Big Accounting firm external and/or internal auditing preferred; external audit experience a plus
2. Sound knowledge of ISO 27001, ISO 9001, SOC 1, SOC 2, GDPR, HIPAA and other privacy requirements.
3. Ability to plan effectively, develop and deliver on agreed timelines
4. General knowledge of IT Systems and structure of IT Working and COBIT framework.
Hands-on experience of audit working, compliance (statutory and regulatory) and governance.
5. Knowledge of ISO 27001 and working knowledge of SOC 1 and SOC 2 audit reports
6. Strong experience in vendor security assessments and Risk Management frameworks.
7. Demonstrated strong analytical skills and the ability to integrate across multiple and varied business areas
8. Expert in administering and managing IT Security Audits and Vendor Audits etc.
Demonstrated skills in leadership, strategic thinking, innovation, creativity, project management
9. Expert Documentation and Communication Skills.
Education and Certification
Academic Qualifications: Bachelor's degree in Engineering or closely related coursework in technology and Security development disciplines. CA/CPA with relevant Security and Audit knowledge is also desirable.
Certifications: Certifications like CISSP and CISA are desirable
Salary: Not Disclosed by Recruiter
Functional Area: ITES, Customer Service
Role Category: Back Office/Web/Transaction Processing
Role: Assistant Manager/Manager -(Technical)
Employment Type: Permanent Job, Full Time