GRC Specialist - Hyderabad, India - NetEnrich

Description

Company Description :

Netenrich boosts the effectiveness of organizations' security and digital operations so they can avoid disruption and manage risk.

Resolution Intelligence CloudTM is our native-cloud data analytics platform for enterprises and services providers that need highly scalable, multitenant security operations and/or digital operations management.

Resolution Intelligence Cloud transforms security and operations data into intelligence that organizations can act on before critical issues occur. More than 3,000 customers and managed service providers rely on Netenrich to deliver secure operations at scale.

Job Title : IS GRC Senior Analyst

Years of Experience : 3-8 Years

Work Location : Hyderabad (Work from Office)

Job Summary :

The NE IS Security Governance, Risk, and Compliance (GRC) Senior Analyst develops and maintain information security Risk Management program, Internal / External Audit and Compliance.

The GRC Senior Analyst serves as a critical resource for staff and leaders regarding information security risk management implementation, interpretation, and compliance.

The GRC Senior Analyst assesses and prioritizes information security and cybersecurity risk across the organization, facilitates compliance with regulatory requirements and information security policies, and develops and reports on information security metrics.

The GRC Senior Analyst is responsible for reducing information security and cybersecurity risk to NE by helping to prioritize and drive remediation efforts throughout the organization through the following :

• Establishing and maintaining governance and compliance standards.
• Conducting risk assessments to identify vulnerabilities internally and within vendor or thirdparty supplier products.
• Creating, maintaining, implementing, and communicating riskbased audits and assessments.
• Advising senior leadership on risk management strategies, including risk mitigation, risk reduction, risk transfer, the risk exception process and residual risk analysis.
• Lead, mentor, and develop a team of GRC auditors, fostering a culture of continuous improvement.
• The GRC Senior Analyst independently executes highquality, enterpriseclass solutions consistent with regulations and established frameworks.
• The GRC Senior Analyst holds team and organization level responsibilities and may lead small to medium scale projects. The Senior Analyst works with employees and leaders across NE and our partners and affiliates.

Required Skillsets :

• Understanding of ISO 27001 Standard and SOC 2 Framework, GDPR, CCPA.
• Cloud technologies, SaaS Concepts and associated security concepts and implementation
• Exposure and understanding of at least one full cycle of Internal and External Audits
• Problem solving, Organisational Awareness and Understanding, Critical Thinking, Mentoring & Teaching and Thorough Attention to Detail
• Self-Organisation, Comfort with change, Influencing & Persuading and selfdriven

Education : Bachelors OR master's degree in IT/ Information Security OR Related Field.

Work Experience : 3-6 years of progressive and responsible experience in Information Security Risk Management, IT / IS Controls Frameworks & Standards, Audits and Assessments, exposure and understanding of regulatory requirements from a privacy and security standpoint.

Licenses & Certifications :

• Should Have OR Pursuing before 31 May 2024: LA ISO 27001:2022
• Good to Have OR Pursuing: CISA / CISM / CISSP/ CEGIT

Major Job Responsibilities :

Audit Planning and Execution :

• Develop a riskbased audit plan that ensures the appropriate coverage of IT risks, ensuring that audits are conducted according to relevant IT audit standards / frameworks.
• Work within a matrix organization, actively engaging with stakeholders to execute planned project / ad hoc requests, share insights, and provide administrative support where needed.
• Execute and lead IS audits to assess the effectiveness of internal controls, information security, and compliance with relevant policies and regulations.
• Identify and evaluate IS risks and controls, providing recommendations for improvement that have a direct benefit to the business.
• Design, develop and / or review the audit approach and audit programs to guide the team in completion of assigned audit Management :
• Collaborate with cross-functional teams to assess and validate IS-related risks.
• Identify and proactively address business and regulatory issues/concerns.
• Monitor and report on emerging trends and developments in the IS/IT landscape that may impact the organization's risk profile.
• Conduct risk assessments to identify potential areas of vulnerability and recommend corrective actions.
• Background in infrastructure security, SDLC, and secure SaaS practices, including experience with assessment, development, implementation, optimization, and documentation.
• Expertise in security review processes, data protection, cryptography, IAM within cloud environments, SaaS, IaaS, and PaaS.
• Experience with cloudbased microserviceoriented architecture, security and governance tools, network administration security, and enterprise applications.
• Direct architecture experience with GCP, Azure and AWS is advantage but not mandatory.
• Drive & implements a data security risk reporting framework, aligned with organizational framework, for management teams and governance committees.
• Designs and documents technical, administrative, and physical controls to ensure the business demonstrates compliance, ensuring that NE meets both the requirements and intent of its regulatory and compliance obligations.

Stakeholder Communication :

• Candidate should be able to showcase the ability to work across geographical boundaries and support joint initiatives effectively.
• Communicate audit findings and recommendations to key stakeholders including but not limited to senior management.
• Develop and maintain productive working relationships with business unit management and risk management leaders.
• Work collaboratively with IT/DevOps/CloudOps Management regarding general controls reviews and assessments.

Compliance And Policy Adherence :

• Review compliance with industry standards, laws, and regulations related to IS/IT.
• Evaluate the effectiveness of IS/IT policies and procedures and recommend enhancements.
• Stay abreast of changes in regulations and proactively update internal controls accordingly.

Team Leadership and Development :

• Lead, mentor, and develop a team of GRC auditors, fostering a culture of continuous improvement.
• Provide training and support to ensure the team is equipped to handle evolving IS/IT risks and challenges.

)