Risk Identification and Assessment:
- Conduct risk assessments to identify vulnerabilities in IT systems, processes, and policies.
- Assist in the identification and evaluation of risks associated with third-party vendors and partners.
- Maintain the IT risk register, documenting risks, issues, and remediation actions.
Risk Mitigation and Monitoring:
- Recommend risk mitigation strategies and implement risk management controls across IT infrastructure.
- Collaborate with IT, cybersecurity, and business teams to track and resolve identified risks and vulnerabilities.
- Monitor and report on the effectiveness of existing IT risk controls and recommend enhancements as needed.
Compliance and Regulatory Support:
- Ensure compliance with relevant industry standards and regulatory requirements (e.g., GDPR, SOX, PCI-DSS, NIST).
- Assist in the preparation for audits by internal and external parties, providing documentation and evidence of IT risk management practices.
- Support the development and implementation of IT governance, risk, and compliance frameworks.
Vendor Risk Management:
- Conduct vendor risk assessments, ensuring third-party services and products align with internal risk and security policies.
- Regularly review vendor performance and risk exposure, working with procurement and legal teams as necessary.
What we expect of you
Basic Qualifications and Experience:
Education:
- Bachelor's degree in Information Technology, Cybersecurity, Risk Management, or a related field.
- Certifications such as CRISC (Certified in Risk and Information Systems Control), CISA (Certified Information Systems Auditor), or CISSP (Certified Information Systems Security Professional) are highly desirable.
Experience:
- 2-4 years of experience in IT risk management, IT auditing, or information security.
- Hands-on experience with risk management tools and frameworks (e.g., ISO 27001, NIST, COBIT).
Skills and Competencies:
- Strong understanding of IT infrastructure, systems, and security best practices.
- Ability to assess technical and business risk related to information systems.
- Excellent problem-solving, analytical, and communication skills.
- Ability to communicate complex risk concepts to non-technical stakeholders.
- Ability to assess and interpret security-related clauses in third-party contracts, such as Security Requirements Schedules (SRS).
- Familiarity with regulatory frameworks and compliance standards (e.g., GDPR, HIPAA, SOX, PCI-DSS).
- This role involves second shifts: 2pm-11pm IST
Technical Knowledge:
- Proficiency with risk management tools, GRC (Governance, Risk, and Compliance) software, and security incident management tools.
- Experience with security controls related to networks, databases, and cloud environments.
Soft Skills:
- Excellent analytical and troubleshooting skills
- Strong verbal and written communication skills
- Ability to work effectively with global, virtual teams
- High degree of initiative and self-motivation
- Ability to manage multiple priorities successfully
- Team oriented, with a focus on achieving team goals
- Strong presentation and public speaking skills
- Collaboration across global teams