Job Description

C3, C4, C5 candidates only. C4- 8-10 yrs , 14 LPA max C5- 10-13 yrs, 22 LPA max GRC Lead This role works in close collaboration with all members of the GRC team and is fully integrated within the Information Security process. Welcome to Possible. KEY RESPONSIBILITY ⨀ 9-15 years of experience in design and implementation of GRC controls. ⨀ Reviewing Information security policies and procedures identify gaps, consolidating information security policies and procedures into group policy. ⨀ Should have good experience in performing risk assessments, creating and maintaining risk registers, liaising with risk officers and getting risk register updated with remediation steps. ⨀ Should have experience in performing IT General controls review/audits. ⨀ Should have good understanding of IT Risk management frameworks like COSO, COBIT, NIST 800 series, ISO 27001, ISO 31000 ⨀ Should have good understanding of regulatory compliance requirements such as SOX, GDPR, PCI-DSS, FISMA, HIPAA, and HITRUST, RBI Cybersecurity requirements, IT Act 2000. ⨀ Should have good understanding of data protection & privacy laws in various countries like US, UK, Europe, APAC- Singapore, Australia, and India. ⨀ Should have implemented GRC solutions like Archer, Metric stream, Logic manager, Oracle GRC, SAS GRC solutions. ⨀ Should have experience working and responding to RFI/RFP requirements for global customers, writing SOW, effort estimation. ⨀ Should have experience creating tools and enablers such as IT Risk assessment tools, cloud security assessment tools, GRC Tools, whitepapers, PoV, Presentation documents. ⨀ Should have lead team size of 10-15 team members. ⨀ Should have excellent communication skills, team management skills, stake holder management skills. Should be a go-getter and expert in speaking about GRC with top management executives. ⨀ Should be having any two of them CISSP, ISO 27001, CISA, CISM, CRISC, and CGEIT Certified professional. ⨀ Good to have SOX, GDPR, Privacy training and certifications.