5 to 8 years
3-4 years of experience in GRC domain
12 to 15 LPA Budget
Immediate to 60 days
Job Title: Governance, Compliance & ISMS Specialist
Job Description:
Responsibilities:
Governance:
- Develop and implement robust governance frameworks to ensure effective decision-making processes and adherence to organizational policies.
- Collaborate with stakeholders to establish governance structures that align with industry best practices.
Compliance Management:
- Monitor and ensure compliance with relevant laws, regulations, and industry standards.
- Conduct regular audits to assess compliance levels and implement corrective actions as needed.
ISMS (Information Security Management System):
- Design, implement, and manage the Information Security Management System (ISMS) in accordance with ISO 27001 standards.
- Oversee the development and maintenance of security policies, procedures, and documentation.
Risk Management:
- Identify, assess, and prioritize risks related to governance, compliance, and information security.
- Implement risk mitigation strategies and work with stakeholders to create a risk-aware culture.
Policy Development:
- Develop and review governance, compliance, and information security policies, ensuring they align with organizational goals and industry standards.
- Communicate policy changes and updates to relevant stakeholders.
Training and Awareness:
- Conduct training sessions and awareness programs on governance, compliance, and information security for employees at all levels.
- Foster a culture of compliance and security awareness within the organization.
Incident Response:
- Develop and maintain an incident response plan for governance, compliance, and information security incidents.
- Coordinate and lead incident response efforts, ensuring timely resolution and reporting.
Reporting:
- Prepare and deliver regular reports to management on governance, compliance, and ISMS metrics, highlighting areas of improvement and adherence levels.
Vendor Management:
- Assess and manage third-party vendor compliance with governance and information security requirements.
Identity and Access Management:
- Collaborate with cross-functional teams to design and implement role-based access control (RBAC) and least privilege access models.
- Conduct regular access reviews and audits to ensure compliance with regulatory standards and internal policies.
Privileged Access Management:
- Develop, implement, and maintain privileged access management (PAM) policies, procedures, and standards to safeguard critical systems and data from unauthorized access.
- Collaborate with IT teams to identify and assess privileged accounts, including conducting access reviews and audits to mitigate security risks.
- Develop and maintain documentation, guidelines, and training materials to educate stakeholders on PAM policies, procedures, and best practices.
- Establish and maintain effective relationships with vendors to ensure compliance standards are met.
Requirements:
Education:
Bachelor's degree in Information Technology, Computer Science, or a related field. Relevant certifications (e.g., CISA, CISSP, ISO 27001 Lead Implementer) are advantageous.
Experience:
- Proven experience in governance, compliance, identity and access management, and information security management roles.
- Familiarity with international standards and frameworks related to governance and information security, including but not limited to ISO 27001:2022, NIST, and COBIT.
Communication Skills:
Excellent written and verbal communication skills to effectively convey complex governance, compliance, and security concepts to various stakeholders.
Analytical Abilities:
Strong analytical and problem-solving skills to assess and address governance, compliance, and security risks.
Project Management:
Experience in managing projects related to governance, compliance, and information security initiatives.
Team Collaboration:
Ability to collaborate effectively with cross-functional teams, including legal, IT, and risk management.
Continuous Learning:
Commitment to staying updated on emerging trends, best practices, and changes in governance, compliance, and information security.