Lead Information Security - IT - India

Job no: IND2025-CTOB18
Work type: Permanent - Full Time
Location: India
Categories: Mid-Senior Level


Lead Information Security (GRC)

The GRC sub-division is responsible for InfoSec governance, conducting risk management and assessing compliance, through which vulnerabilities and threats to information assets are continuously assessed and the appropriate protective controls are decided on and applied. The value of an organization lies within its information, and its security is critical for business operations, as well as for retaining credibility and earning the trust of clients. The team is also responsible for internal audit and supporting certification programs such as ISO 27001, PCI DSS and GDPR.

 

 

The Key Performance Areas below include but are not limited to:

Plan, execute, process and communicate relevant GRC team activities. The role is not limited to risk assessment; it also requires sound knowledge and experience in InfoSec governance and compliance, and providing consultancy related to security practices, controls and solutions. The team member will work closely with other teams (i.e. security architecture, VAPT, SOC and CSIRT). The person will maintain the risk register and the Risk Acceptance and Exception Request process, and will also monitor and re-certify these requests on a timely basis.

 

  • Work closely with other team members on security requirements and the implementation of security initiatives based on ISMS (ISO 27001:2013), Business Continuity Management Systems (BCMS ISO 22301:2012) and IDR, PCI-DSS, SSAE SOC etc.
  • Develop, implement and manage information security practices, with hands-on experience managing GRC for the complete organization.
  • Provide consultancy, design and implementation of security controls and solutions to other internal stakeholders to reduce risk to the organization.
  • Responsible for procedures and controls to assure compliance with applicable regulatory and legal requirements as well as good business practices.
  • Design information security management systems that impact multiple domains and operations
  • Experience working with VA/PT technologies, Infrastructure & Endpoint Security solutions
  • Broad understanding of various Risk models (e.g. OSSTMM, CVSS, OCTAVE)
  • Experience in Security evaluation, threat assessments, threat modelling, risk assessment methodologies and frameworks
  • Develop, implement and enforce suitable and relevant information security policies, ensuring that these are compliant with Alshaya IT Policies and standards and other legislation and regulations related to information security; reviewing policies on a regular basis.
  • Inform, consult and advise the company on matters related to compliance and data protection laws including privacy compliance for GDPR and relevant standards
  • Manage internal and external audits related to information security compliance and best IT practices
  • Advise business and project teams on security requirements

 

Knowledge:

  • Good knowledge of ISMS based on ISO 27001, PCI-DSS standards, GDPR and IT Security practices.
  • Good knowledge of Cloud Computing, Virtualization and Web Services.
  • Good knowledge of maintaining Risk Register and associated practices.
  • Good understanding of network and web-related protocols.
  • Good understanding of cryptographic methods/algorithms.
  • Good understanding of the network and systems architecture.
  • Good presentation and communication skills.

 

Experience:

  • 6-10 years' experience in the Information Security domain
  • Graduation degree / B.Tech
  • CISSP / CRISC / CISM / Microsoft's or Cisco's security certification is an added advantage

 

Advertised: India Standard Time
Application close:
