Minimum 10 years of experience in Information Security, Internal Audit, Data Privacy, or GRC fields.
Relevant industry certifications such as CISSP, CISA, CISM, CRISC, CIPP.
Deep knowledge of industry regulations and risk management frameworks like ISO, PCI, NIST, COBIT, GDPR.
Experience managing GRC products, implementing IT risk frameworks, and navigating complex environments.
Requirements:
Conduct controls testing in areas like Incident Management, Disaster Recovery, and Network Security.
Lead internal and external audits and perform risk and control assessments.
Evaluate the effectiveness of IT and Cyber controls to mitigate risks.
Provide regular updates and reports to senior management on testing progress and results.
Job description
Function Specific Responsibilities
Conduct controls testing activities in areas such as Incident Management, Disaster Recovery, Management, Cryptography, Network Security and Identity & Access Manageme
Periodic review of new and existing controls from a design point of view
Evaluate and assess the effectiveness of IT & Cyber controls in remediating associated risks in an accurate, complete and transparent way
Be responsible for the testing progress for the assigned controls and update senior audiences about the progress and results
Understand and evaluate relevant IT & Cyber risks and controls designed to mitigate these risks to a level acceptable by IT management
Ensure the quality, integrity, and completeness of data related to clients and related parties in various independence systems of the firm. Support engagement teams in complying with independence policies.
Leading all the internal and External Audits for account
Lead Risk and Control assessment (RCA) for various accounts by performing Risk assessment, Controls design and Control assurance.
Analyzing information security impact while evaluating any change due to technology or business requirements.
Proactively investigate risk events including deep dives to identify issues arising.
Help ensure that the various elements of the risk management framework are embedded and operating efficiently across all accounts.
Maintain control master data for changes to underlying business processes, systems etc
Work with Control Owner for ineffective controls & coordinate action tracking
Maintain control master data for changes to underlying business processes, systems
Oversees attestationcertification processes
Local RACETickit expert
Subject matter expert for risks, control objectives and controls specific to the function
Customer
Use of customer insights to provide direction for business initiatives
Ensure best practice customer initiatives are adopted and applied
Provide exceptional customer service to internal and external customers within company guidelines, regulatory obligations and SLA’s
Ensure all confidential information is handled in accordance with company and partner protocols and procedures
Ensure high levels of customer relationship management are maintained
Communication
Ensure all contact and interactions are of the highest standards, communicating clearly and appropriately to all stakeholders
Collaborate and provide regular reporting and updates with key stakeholders across
Ensure all communication is in line with the delivery of our Brand Promise to all stakeholders
What you’ll bring
Skills, qualifications &
experience
CISSP, CISA, CISM, CRISC, CIPP, or similar industry certification(s)
Deep knowledge of industry standard regulations and risk management frameworks and standards (e.g., ISO, PCI, NIST, COBIT, GAPP, HIPAA, GDPR)
Experience with managing GRC products and implementations, including developing relevant business, technical, and data requirements
Experience in complex, matrixed environments and an experience navigating a constantly changing business
Strong communication with and organizational skills and an experience distilling complex risk data into impactful messaging to nontechnical, leadership teams
Program and project management experience with process and organizational change implementation
Selfstarter, experience working independently and as part of a team
Experience working independently and as part of a team
Strong analytical, research, and problemsolving skills with a keen attention to detail
Desired Candidate Profile
Minimum 10 years of experience in Information and Physical Security, Internal Audit, Data Privacy, or other Governance, Risk & Compliance Fields
Practical experience in implementing IT risk frameworks, controls, and methodologies
Experience discerning business relevant risk associated with technology control deficiencies
Experience in the areas of risks and controls across various IT platforms
Experience with interpreting and implementing data privacy and protection regulatory requirements at scale
Experience moving technical or business driven projects from inception to delivery, and experience articulating the impact using metrics
