Job Opening at https://www.valuemomentum.com/
Please contact uma.mahesh@valuemomentum.com
Company: ValueMomentum
Role: GRC Lead
Primary Skills: Information security, data privacy, regulatory compliance, information security & data privacy risk assessment, 3rd party risk assessment, incident management, business continuity
Experience: 3 to 5 years
Reporting To: Senior Manager-GRC
Contact Person: uma.mahesh@valuemomentum.com
Industry: Information Technology & Services; BFSI & Healthcare clientele
Key Responsibilities
- Map the compliance requirements to the Management System, identifying the necessary administrative/technical/physical controls and any gaps, along with remediation plans.
- Develop the necessary policies, processes, procedures, guidelines, checklists, compliance requirements and audit criteria, have them reviewed by the respective stakeholders, and publish them in the Management System.
- Ensure the implementation of engagement-specific controls across the account/projects, HR, Training, IT and Admin areas, with regular monitoring and control.
- Based on the audit plan and agreed focus areas, publish audit schedules internally.
- Participate in RFI/RFP responses to customers, customers' 3rd party risk assessments & audits, vendor risk assessments & audits, and certification audits/assessments, ensuring the necessary requirements are met.
- Conduct internal audits covering on-prem and cloud environments in line with applicable information security & data privacy standards and regulatory requirements, and analyse the audit findings.
- Liaise with external auditors and coordinate external audits/assessments and VAPT exercises, including the internal coordination they require.
- Facilitate teams in identifying corrections, root causes, and corrective & preventive actions, and ensure closure of internal/external audit findings.
- Drive the internal IT information security & data privacy risk assessments, liaising with stakeholders in line with policy requirements, and facilitate mitigation of the risks identified.
- Facilitate incident/security breach handling, coordinating with stakeholders in line with the incident response, incident investigation and incident resolution requirements.
- Drive business continuity testing exercises, liaising with stakeholders in line with policy requirements, and facilitate mitigation of the risks identified.
- Facilitate eWaste disposal and fire drills, coordinating with stakeholders in line with policy requirements.
Job Description
Desired Skills, Experience, Qualifications, Certifications, etc.
- Graduate in Computer Science/Engineering
- 3 to 5 years of experience in IT processes, IT risk, IT compliance and IT audit/assurance, dealing with information security and data privacy.
- Experience with industry-recognized BFSI & healthcare regulations/standards/frameworks such as ISO 27001, SSAE 18 SOC 2 Type 2, NYDFS, FFIEC, HIPAA/HITECH, etc.
- Experience working with various stakeholders, the leadership team, certification bodies, etc.
- Excellent communication skills
- Certifications such as ISO 27001 Lead Auditor, CISA, HIPAA, Risk Manager, Privacy Officer, etc.