Mphasis

GRC Audit Analyst

  • Posted 10 hours ago

Job Description

Role: Governance, Risk and Compliance (GRC) - Auditing

Role and Responsibilities

• Work as the first point of contact for all Information Security & Compliance, Data Privacy, Business Continuity and Technology related requirements for the assigned vertical.

• Oversee and manage security and compliance issues of the process/account to adhere to the Mphasis (ISMS) & client requirements.

• Coordinate development and implementation of the security assurance program at a project / unit level.

• Implement corporate-wide training and communication programs to ensure that all employees and affiliated parties are educated on the Standards of Conduct and the Corporate Compliance Program.

• Coordinate with other departments and facilitate the conduct of inquiries and/or investigations when deemed necessary.

• Perform reviews on audit controls and measurements and conduct Risk Assessments to ensure correct practices are established and adhered to.

• Facilitate internal/external audits to ensure nil/minimum non-compliance.

• Report at pre-defined intervals to the appropriate stakeholders on the status of the compliance program.

• Respond appropriately to Business, Chief Risk Office – Investigations Team, if a violation or deviation is uncovered.

• Understand, establish, and monitor adherence to the Business Continuity Plan.

• Undertake and close the BCP testing activities in close coordination with the delivery SPOC/BCMS team.

• Proficiency in stakeholder management and senior leadership communication/reporting.

• Proficiency in client engagement.

• Establish value-added analytics and initiatives within the function.

• Technically sound and proficient to identify and help remediate technical failures in coordination with internal stakeholders.

• Self-driven, with project management skills to lead internal projects and be the face of the function at an account / location level.

Qualification / Education Requirements; Competencies:

• B.E. / Science Graduate / Masters - Information Security

• Advanced knowledge of Information Security Management System

• Minimum relevant work experience of 2 - 12 years (L4-L7) in the Information Security domain

• Experience in implementing and facilitating audits for ISO 27001:2005; SOC1 Type-2 (SSAE), PCI

• Knowledge of SOC- ITGC, HIPAA, Data Privacy (DPA, GDPR)

• Exposure to BCM / DR; SOC 2 requirements and control implementation strategies

• Preferred: Certified: ISO 27001:2005, ISO-22301, PCI-DSS, IT/Network – Security +, CCNA, PMP

• Desired: CISA / CISM / CISSP

• Proficiency with MS-Excel/VB/PowerPoint

• Qualitative approach towards aligned delivery requirements

• Graduate with minimum 3-5 years of relevant work experience in the Information Security - Governance, Risk and Security Compliance domain

• Proven experience in a BISO role as the POC for clients and internal stakeholders

• Certified: ISO 27001:2005, ISO-22301, PCI-DSS, IT / Network – Security +, CCNA, PMP

• Candidate should have excellent communication skills and experience as a BISO (Business Information Security Officer) in managing US/EU clients

• Experience in conducting security audits and Risk Assessments

• Facilitate internal/external/client audits to ensure nil/minimum non-compliance

• Experience in proactively implementing controls, identifying / remediating gaps and facilitating audits for ISO 27001:2005; SOC1 Type-2 (SSAE), PCI, HIPAA.

Job ID: 147460841