
Tredence Inc.

Consultant - GRC, Privacy and Business Continuity

Posted 2 days ago

Job Description

Consultant – Governance, Risk and Compliance (GRC) and Privacy
About Tredence 

Tredence is a global data science solutions provider focused on solving the last-mile problem in AI. The last mile is the gap between insight creation and value realization. Headquartered in San Jose, the company embraces a vertical-first approach and an outcome-driven mindset to help clients win and accelerate value realization from their analytics investments.

Tredence is Great Place to Work-Certified and a Leader in the Forrester Wave: Customer Analytics Services. Tredence is 1,500-plus employees strong, with offices in San Jose, Foster City, Chicago, London, Toronto, and Bangalore, and counts the largest companies in retail, CPG, hi-tech, telecom, healthcare, travel, and industrials among its clients.


Website: www.tredence.com 

Role: Consultant – Governance, Risk and Compliance (GRC) and Privacy
Designation: Consultant – Governance, Risk and Compliance (GRC) and Privacy
Function: Governance, Risk and Compliance (GRC) and Privacy
Unit: Information Security Group (ISG)
Reporting to: Chief Information Security Officer (CISO) & Data Protection Officer (DPO)
Team size: NA
Base location: Bangalore

About ISG 

The Tredence CISO & DPO's office is accountable for Security and Privacy across all aspects of Tredence's internal and client-facing business.

The team in charge of Security - the Information Security Group (ISG) - focuses on all elements of Information Security for the organization, working collaboratively with stakeholders from across its business. The team provides internal and external stakeholders with assurance that confidential data is handled appropriately while meeting business objectives.

ISG is responsible for implementing, maintaining and reporting on the organization's Information Security and Privacy posture, using a combination of Policies, Procedures, Guidelines and Cyber Security and Privacy technology controls on an ongoing basis.
The team comprises two groups:

1. Cyber Security Governance, Risk and Compliance (GRC) and Privacy and, 
2. Cyber Security Technical Operations (TechOps) 

Responsibilities 

In this role, you will take part in all GRC and Privacy initiatives for the organization, working with other ISG functions, relevant stakeholders within the organization, and, where applicable, external stakeholders.
For this, you will handle initiatives such as, but not limited to:
o Cyber Security and Privacy Strategy and Strategic Plan 
o Cyber Security and Privacy Governance Framework 
o Cyber Security and Privacy benchmarking 
o Handling of Cyber Security and Privacy implementations, maintenance, Audits and Attestations with respect to ISO 27001:2013 / 2022, ISO 27701:2019, SOC 2 Type 2 Attestation, HITRUST Certification Audits, GDPR, Security Councils and Reporting

o Program Management Office (PgMO) 
o Cyber Security and Privacy Skill Management 
o External and Internal Cyber Security and Privacy branding 
o Third-Party Risk Management (TPRM) 
o M&A Cyber Security 
o Cyber Security and Privacy Regulatory Compliance 
o Cyber Resilience Program 
o Inculcate Privacy by Design (PbD) as a conscious practice in the organization 
o Building and institutionalization of relevant Policies, Processes, Procedures and Guidelines in the organization 
o Work closely with relevant stakeholders to ensure compliance with Privacy and Data Protection requirements at all times, including incorporating appropriate Data Processing Agreements (DPAs) covering the relevant Fiduciary / Controller / Processor / Sub-Processor relationships as needed, and adherence to applicable Regulatory requirements such as, but not limited to, the Indian DPDP Act, EU GDPR, CCPA etc.
 
o Undertake Privacy Impact Assessments (PIA) / Data Protection Impact Assessments (DPIA), review any relevant changes which can influence the use, storage or disposal of any form of Personally Identifiable Information (PII), and drive identified gaps / risks to closure within permissible timelines

o Align and maintain the Privacy Program in line with a Privacy Information Management System (PIMS) based on ISO 27701:2019

o Work with stakeholders to ensure timely identification, recording and notification to relevant Supervisory Authorities, Clients or other affected parties, as well as resolution, in the event of a relevant, material incident, should one occur

o Keep abreast of developments in global Privacy Regulations so as to ensure continued compliance with them

o Help the CISO & DPO drive the Information Security Council (ISC) through its comprehensive Metrics program and reporting expectations

o Respond to RFPs / RFIs; review and redline MSAs / SoWs, Information Security and Privacy Addendums, Data Protection Addendums (DPA), Client Security questionnaires etc.

o Assist the team in designing, implementing, maintaining and continually improving the Information Security and Privacy culture in the organization, so as to ensure a robust and scalable Cyber Security and Privacy program

Knowledge expectations 
 
o You come with up to 5 years of working experience in Information Security 
o You have a good understanding of applying pragmatic Information Security and Privacy controls under leading Standards and Frameworks such as, but not limited to, Information Security Management System (ISO 27001:2013 / 2022), Privacy Information Management System (ISO 27701:2019), Business Continuity Management System (ISO 22301:2019), NIST Cyber Security Framework (CSF), HIPAA / HITRUST Certification, NIST SP 800-53, PCI DSS, SSAE 18 SOC 1 or SOC 2 and SOX controls, and ITIL, having been part of various implementations and compliance initiatives on the same

o Working knowledge of any leading GRC workflow tools (e.g. OneTrust, RSA Archer, RSAM etc.)
o You have a good understanding of essential controls in one or more of the following Cloud platforms – Microsoft Azure, Amazon Web Services (AWS), Google Cloud Platform (GCP)
o You come with experience in assessing applications, systems and processes that handle PII and recommending corrective actions to achieve compliance with relevant Privacy and Data Protection requirements

o You come with working knowledge of the interpretation and control implementation of Cyber Laws and Privacy and Data Protection Laws, as well as relevant decisions / guidance issued by Supervisory Authorities, Courts and Tribunals from time to time in applicable jurisdictions

o You stay informed on the dynamic Regulatory landscape, which can influence the need for, and the scope of, the various Information Security and Privacy controls in the organization

Required education and certifications 
o You are an Engineering graduate, or have an equivalent or higher education
o You have acquired one or more of the following certifications – CISSP, CRISC, CISM, CISA, CIPP, CIPM, FIP, CDPSE, ISO 27001:2013 / 2022 Lead Implementer / Auditor, ISO 27701:2019 Lead Implementer / Auditor, ISO 22301:2019 certifications

Skill expectations and others 
o You have great attention to detail, strong communication and collaboration skills 
o You come with a mix of technical, analytical and problem-solving skills 
o You come with a mindset of helping improve the Privacy Program at all times 
o You are an avid learner who continuously looks to absorb new knowledge and apply it on the job
o You are a self-starter, a go-getter and an innovative thinker with a positive attitude

Job ID: 148440149