Nykaa

Assistant Vice President- GRC

  • Posted 2 hours ago

Job Description

Role- Assistant Vice President (GRC Head)-Infosec Team

Location- Gurgaon

Work Model- 5 days from Office

Company Description

Nykaa is a digitally native, consumer-tech company that offers a wide range of beauty, personal care and fashion products. Since its inception in 2012, Nykaa has disrupted the beauty retail market in India and captured the hearts of millions of customers. Besides offering engaging and educational content, we have diversified our offerings through other online platforms like Nykaa Fashion, Nykaa Man, and Superstore.

Key Words - NIST, CERT-In, ITGC Audit, InfoSec Risk Assessment, ISO 27001 implementation

Key Responsibilities

  1. Maintain a robust GRC & Data Protection program that aligns with organizational goals and objectives.
  2. Develop and implement InfoSec policies, procedures, and standards.
  3. Assess the security posture of the organization using a cybersecurity framework such as NIST.
  4. Ensure that information security risks are identified, assessed, and managed appropriately, and that appropriate controls are in place to mitigate these risks.
  5. Establish and maintain relationships with stakeholders across the organization, including senior leadership, business units, and other key stakeholders, to promote information security best practices and awareness.
  6. Lead the information security awareness and training programs for employees to ensure that they understand their roles and responsibilities in maintaining the security of information assets.
  7. Ensure that the organization is compliant with relevant laws, regulations, and standards related to information security, such as the IT Act, CERT-In, PCI, etc.
  8. Lead the implementation of ISO 27001 Information Security Management System.
  9. Govern the third-party risk management program, ensuring comprehensive assessment, monitoring, and mitigation strategies to safeguard the organization.
  10. Set governance rigor, including regular updates for management and published dashboards with metrics for monitoring the effectiveness of the organization's information security program.

Qualification/Skill

  1. Graduate in Computer Science, Information Security
  2. Relevant certifications (e.g., CISSP, CISM, CISA) are a plus.
  3. 9+ years in Information Security with a minimum of 5 years of experience in GRC
  4. Experience managing a vendor risk management program
  5. Strong understanding of information security principles, risk management, and compliance requirements
  6. Experience with industry frameworks and standards (ISO 27001, NIST, etc.).
  7. Excellent communication and interpersonal skills, with the ability to collaborate with cross-functional teams.
  8. Demonstrated ability to lead and drive change within an organization.
  9. Strong analytical and problem-solving skills.
  10. Ability to handle confidential information
  11. Ethical, with the ability to remain impartial and report all noncompliance
  12. Organizational skills with attention to detail

Job ID: 144562085