Company Overview:
ARCON is a globally recognized Identity-as-a-Service provider with a wealth of experience in risk management and continuous risk assessment tools, committed to excellence, innovation, and security. Our award-winning solutions portfolio includes our Privileged Access Management (PAM) solution along with Identity and Access Management (IAM), Endpoint Privilege Management (EPM), and Cloud Governance (CIEM), among others. Our world-class training, deployment, and support help organizations optimize their experience with our solutions right from the procurement stage and configure our solutions to match all challenges to support growth and scalability. ARCON is a leading cybersecurity organization, and we pride ourselves on fostering a culture of continuous learning and professional development.
Website: http://www.arconnet.com
Key Responsibility Areas:
- Develop and ensure all policies, procedures and guidelines are in line with industry frameworks (ISO 27001, NIST, CIS, GDPR, HIPAA)
- Create and drive Cyber awareness program across organization
- Ensure compliance of product security assessments
- Implement security controls, a risk assessment framework, and a program that align to best practices and regulatory requirements.
- Develop and publish Cyber security metrics
- Ensure company audit certificates are up to date for product compliance
Governance, Risk & Compliance (GRC) is a very important role which will ensure the successful delivery of the GRC function's roles and responsibilities.
The key requirement of this role is to remain current on best practices and technological advancements.
The incumbent will handle the following responsibilities:
- Develop policies, procedures and guidelines in line with current cyber risks
- Create and drive Cyber awareness program across organization
- Ensure product's security assessment audits are compliant
- Implement security controls, a risk assessment framework, and a program that align to best practices and regulatory requirements.
- Develop and publish Cyber security metrics
- Coordinate internal and external audits (ISO 27001, NIST, SOC2, PCI DSS, GDPR compliance program)
- Ensure that product related TPRM assessments are compliant
Develop and ensure all policies, procedures and guidelines are in line with current cyber risks:
- Work with business teams to understand the business's current and future needs from Cyber security perspective and identify risks.
- Develop / review required Cyber security policies, procedures and guidelines in consultation with key stakeholders.
- Communicate policies and processes to all users appropriately through mediums such as emailers, e-modules, workshops, quizzes etc., and ensure adherence.
- Assess efficacy of security controls, document and report control failures and gaps to stakeholders.
Create and drive Cyber awareness program across organization:
- Create a holistic Cyber awareness program by looking at the type of users and the industry.
- Drive the security awareness program across the organisation using mediums such as workshops, drills, emailers, phishing awareness campaigns, e-modules, quizzes and Digi TALKS on Cyber security Do's and Don'ts, and execute awareness programs effectively to enhance overall Cyber security awareness.
- Provide remediation guidance and prepare management reports to track remediation activities.
Ensure product security assessments:
- Collaborate with stakeholders and clients and identify critical areas for the assessment.
- Ensure key information security risks and issues are identified, addressed and resolved in a timely manner.
- Create a schedule of assessment for the critical products.
- Maintain records of the assessments.
- Assist with the Third Party Risk Management framework, including policy updates, procedures, due diligence questionnaires and the monitoring of third parties' adherence to information security and data privacy obligations.
Implement security controls, risk assessment framework, and program that align to best practices and regulatory requirements:
- Collaborate with stakeholders and identify Cyber risks.
- Take actions to address Cyber risks.
- Maintain Cyber risk register
- Create and maintain Risk acceptance process.
Develop and publish Cyber security metrics:
- Build and share Cyber security metrics with the CISO and management
- Help CISO in Cyber GRC related and other cyber security related matters
- Develop relevant metrics, analyse data, identify trends and help drive improvements to the control environment
Essential
Bachelor's in Engineering (Computer Application / Information Technology / Cyber Security / Electronics and Telecom)
Preferred
Relevant industry certification such as ISO 27001 Lead Auditor/Lead Implementor, CISA / CISM / CCSP etc. (at least two) is highly desirable.
Requisite Experience
Essential
10 years' experience in Cyber security, of which a minimum of 6 years in GRC.
Preferred
- Experience leading ISO 27001, SOC 2 Type 2 and PCI DSS certification programmes.
- Excellent interpersonal skills, comfortable working at all levels within an organisation and in a wide variety of situations.