- Establishing and maintaining governance and compliance standards.
- Conducting risk assessments to identify vulnerabilities internally and within vendor or third-party supplier products.
- Creating, maintaining, implementing, and communicating risk-based audits and assessments.
- Advising senior leadership on risk management strategies, including risk mitigation, risk reduction, risk transfer, the risk exception process and residual risk analysis.
- Lead, mentor, and develop a team of GRC auditors, fostering a culture of continuous improvement.
- The GRC Senior Analyst independently executes high-quality, enterprise-class solutions consistent with regulations and established frameworks.
- The GRC Senior Analyst holds team and organization level responsibilities and may lead small to medium scale projects. The Senior Analyst works with employees and leaders across NE and our partners and affiliates.
- Understanding of ISO 27001 Standard and SOC 2 Framework, GDPR, CCPA.
- Cloud technologies, SaaS Concepts and associated security concepts and implementation
- Exposure and understanding of at least one full cycle of Internal and External Audits
- Problem solving, Organisational Awareness and Understanding, Critical Thinking, Mentoring & Teaching and Thorough Attention to Detail
- Self-Organisation, Comfort with change, Influencing & Persuading and self-driven
- Should Have OR Pursuing before 31 May 2024: LA ISO 27001:2022
- Good to Have OR Pursuing: CISA / CISM / CISSP / CGEIT
- Develop a risk-based audit plan that ensures the appropriate coverage of IT risks, ensuring that audits are conducted according to relevant IT audit standards / frameworks.
- Work within a matrix organization, actively engaging with stakeholders to execute planned project / ad hoc requests, share insights, and provide administrative support where needed.
- Execute and lead IS audits to assess the effectiveness of internal controls, information security, and compliance with relevant policies and regulations.
- Identify and evaluate IS risks and controls, providing recommendations for improvement that have a direct benefit to the business.
- Design, develop and / or review the audit approach and audit programs to guide the team in completion of assigned audit Management :
- Collaborate with cross-functional teams to assess and validate IS-related risks.
- Identify and proactively address business and regulatory issues/concerns.
- Monitor and report on emerging trends and developments in the IS/IT landscape that may impact the organization's risk profile.
- Conduct risk assessments to identify potential areas of vulnerability and recommend corrective actions.
- Background in infrastructure security, SDLC, and secure SaaS practices, including experience with assessment, development, implementation, optimization, and documentation.
- Expertise in security review processes, data protection, cryptography, IAM within cloud environments, SaaS, IaaS, and PaaS.
- Experience with cloud-based, microservice-oriented architecture, security and governance tools, network administration security, and enterprise applications.
- Direct architecture experience with GCP, Azure and AWS is an advantage but not mandatory.
- Drives and implements a data security risk reporting framework, aligned with the organizational framework, for management teams and governance committees.
- Designs and documents technical, administrative, and physical controls to ensure the business demonstrates compliance, ensuring that NE meets both the requirements and intent of its regulatory and compliance obligations.
- Candidate should be able to showcase the ability to work across geographical boundaries and support joint initiatives effectively.
- Communicate audit findings and recommendations to key stakeholders including but not limited to senior management.
- Develop and maintain productive working relationships with business unit management and risk management leaders.
- Work collaboratively with IT/DevOps/CloudOps Management regarding general controls reviews and assessments.
- Review compliance with industry standards, laws, and regulations related to IS/IT.
- Evaluate the effectiveness of IS/IT policies and procedures and recommend enhancements.
- Stay abreast of changes in regulations and proactively update internal controls accordingly.
- Provide training and support to ensure the team is equipped to handle evolving IS/IT risks and challenges.
GRC Specialist - Hyderabad, India - NetEnrich
Description
Company Description :
Netenrich boosts the effectiveness of organizations' security and digital operations so they can avoid disruption and manage risk.
Resolution Intelligence Cloud™ is our native-cloud data analytics platform for enterprises and service providers that need highly scalable, multitenant security operations and/or digital operations management.
Resolution Intelligence Cloud transforms security and operations data into intelligence that organizations can act on before critical issues occur. More than 3,000 customers and managed service providers rely on Netenrich to deliver secure operations at scale.
Job Title : IS GRC Senior Analyst
Years of Experience : 3-8 Years
Work Location : Hyderabad (Work from Office)
Job Summary :
The NE IS Security Governance, Risk, and Compliance (GRC) Senior Analyst develops and maintains the information security Risk Management program, Internal / External Audit and Compliance.
The GRC Senior Analyst serves as a critical resource for staff and leaders regarding information security risk management implementation, interpretation, and compliance.
The GRC Senior Analyst assesses and prioritizes information security and cybersecurity risk across the organization, facilitates compliance with regulatory requirements and information security policies, and develops and reports on information security metrics.
Work Experience : 3-6 years of progressive and responsible experience in Information Security Risk Management, IT / IS Controls Frameworks & Standards, Audits and Assessments, exposure and understanding of regulatory requirements from a privacy and security standpoint.
Licenses & Certifications :
Audit Planning and Execution :