
Consultant - GRC, Privacy and Business Continuity
About ISG
Tredence's CISO & DPO office is accountable for Security and Privacy across all aspects of Tredence's internal and client-facing business. The team in charge of Security, the Information Security Group (ISG), focuses on all elements of Information Security for the organization, working collaboratively with stakeholders from across its business. The team provides internal as well as external stakeholders with assurance that confidential data is handled appropriately while meeting business objectives.
ISG implements, maintains and reports on the organization's Information Security and Privacy posture using a combination of Policies, Procedures, Guidelines and Cyber Security and Privacy technology controls on an ongoing basis. The team comprises two groups:
1. Cyber Security Governance, Risk and Compliance (GRC) and Privacy, and
2. Cyber Security Technical Operations (TechOps)
Responsibilities
In this role, you will take part in all GRC and Privacy initiatives for the organization, working with other ISG functions, relevant internal stakeholders and, where applicable, external stakeholders. For this, you will handle initiatives such as, but not limited to:
o Cyber Security and Privacy Strategy and Strategic Plan
o Cyber Security and Privacy Governance Framework
o Cyber Security and Privacy benchmarking
o Handling of Cyber Security and Privacy implementations, maintenance, Audits and Attestations with respect to ISO 27001:2013 / 2022, ISO 27701:2019, SOC 2 Type 2 Attestation, HITRUST Certification Audits, GDPR, Security Councils and Reporting
o Program Management Office (PgMO)
o Cyber Security and Privacy Skill Management
o External and Internal Cyber Security and Privacy branding
o Third-Party Risk Management (TPRM)
o M&A Cyber Security
o Cyber Security and Privacy Regulatory Compliance
o Cyber Resilience Program
o Inculcate Privacy by Design (PbD) as a conscious practice in the organization
o Building and institutionalization of relevant Policies, Processes, Procedures and Guidelines in the organization
o Work closely with relevant stakeholders to ensure compliance with Privacy and Data Protection requirements at all times, including putting in place appropriate Data Processing Agreements (DPAs) covering the relevant Fiduciary / Controller / Processor / Sub-Processor relationships as needed, and adherence to applicable Regulatory requirements such as, but not limited to, the Indian DPDP Act, EU GDPR and CCPA
o Undertake Privacy Impact Assessments (PIA) / Data Protection Impact Assessments (DPIA), review any relevant changes that can influence the use, storage or disposal of any form of Personally Identifiable Information (PII), and drive identified gaps / risks to closure within permissible timelines
o Align and maintain the Privacy Program in line with a Privacy Information Management System (PIMS) based on ISO 27701:2019
o Work with stakeholders to ensure timely identification, recording and notification to the relevant Supervisory Authorities, Clients or other affected parties, as well as resolution, in the event that a relevant, material incident occurs
o Keep abreast of developments in global Privacy Regulations so as to ensure continued compliance
o Help the CISO & DPO drive the Information Security Council (ISC) through its comprehensive Metrics program and reporting expectations
o Respond to RFPs / RFIs; review and redline MSAs / SoWs, Information Security and Privacy Addendums, Data Protection Addendums (DPAs), Client Security questionnaires, etc.
o Assist the team in designing, implementing, maintaining and continually improving the Information Security and Privacy culture in the organization so as to ensure a robust and scalable Cyber Security and Privacy program
Knowledge expectations
o You come with up to 5 years of working experience in Information Security
o You have a good understanding of applying pragmatic Information Security and Privacy controls under leading Standards and Frameworks such as, but not limited to, Information Security Management System (ISO 27001:2013 / 2022), Privacy Information Management System (ISO 27701:2019), Business Continuity Management System (ISO 22301:2019), NIST Cyber Security Framework (CSF), HIPAA / HITRUST Certification, NIST 800-53, PCI DSS, SSAE-18 SOC 1 or SOC 2 and SOX controls, and ITIL, having been part of various implementation and compliance initiatives on the same
o Working knowledge of any leading GRC workflow tool (e.g. OneTrust, RSA Archer, RSAM, etc.)
o You have a good understanding of the essential controls in one or more of the following Cloud platforms: Microsoft Azure, Amazon Web Services (AWS), Google Cloud Platform (GCP)
o You come with experience in assessing applications, systems and processes that handle PII and recommending corrective actions to achieve compliance with relevant Privacy and Data Protection requirements
o You come with working knowledge of interpreting and implementing controls pertaining to Cyber Laws and Privacy and Data Protection Laws, as well as relevant decisions / guidance issued from time to time by Supervisory Authorities, Courts and Tribunals in applicable jurisdictions
o You stay informed about the dynamic Regulatory landscape, which can influence both the need for and the scope of various Information Security and Privacy controls in the organization
Required education and certifications
o You are an Engineering graduate, or hold an equivalent or higher qualification
o You have acquired one or more of the following certifications: CISSP, CRISC, CISM, CISA, CIPP, CIPM, FIP, CDPSE, ISO 27001:2013 / 2022 Lead Implementer / Auditor, ISO 27701:2019 Lead Implementer / Auditor, ISO 22301:2019 certifications
Skill expectations and others
o You have great attention to detail and strong communication and collaboration skills
o You come with a mix of technical, analytical and problem-solving skills
o You come with a mindset of continually improving the Privacy Program
o You are an avid learner who continuously absorbs new knowledge and applies it on the job
o You are a self-starter, a go-getter and an innovative thinker with a positive attitude
Job ID: 140427565