Job Summary
Domain & Role: Engagement Risk - Manager
Band & Sub Band: E3.1
Key Responsibilities
Role Description – Task and Responsibilities
- Required to have an excellent understanding of the IT Control framework, in particular risk assessment and control selection
- Working experience in any two of the compliance programs (PCI DSS, HIPAA, ISO 27001, SOC 2, SOX, NIST, FISMA, COBIT)
- Lead teams and efforts to ensure effective execution of periodic risk assessments and drive integration of remediation efforts with the risk management process
- Partner with service delivery leadership to both communicate and manage risk in delivery to an acceptable level
- Partner with delivery team to increase the level of awareness of compliance with policy and process
- Lead and perform activities to help measure and monitor compliance with contractual control security requirements, company policies and procedures to ensure the account is compliant and audit ready
- Lead different compliance & audit testing programs and support successful completion of various external compliance certification programs and internal compliance assessments
- Proven ability to lead small teams dedicated to the performance of risk management and assessment responsibilities.
- Ability to provide effective management of junior employees.
- Develops and provides appropriate guidance on solutions to mitigate risks and enhance system security
- Coordinates with other DCO and Delivery Compliance representatives to build out world class compliance program components to include processes, procedures, and technologies.
- Deep understanding of privacy and business continuity requirements, and support for the R&C Privacy and BCM teams in the execution of their respective programs
- Demonstrates ability to work in a virtual team with the help of tools and technologies
- Demonstrates ability to handle conflicting situations, and should have strong verbal and written communication and analytical skills
- Must have a systematic and pragmatic approach to problem solving
- Demonstrates good interpersonal skills and high standards of professional behavior in dealings with business customers, colleagues and staff
- Has good technical awareness and the aptitude to remain up to date with information security and IT developments
- Ability to communicate risk to non-IT business owners and support functions such as delivery, HR, GWS, Physical Security, Legal, Contracting and others
- Ability to communicate risk at all levels of management up to and including C-Level executives.
- Translate business, industry, and regulatory requirements into information security objectives and associated tactical/strategic information security initiatives
Certifications such as CISA/CISSP/CISM/CRISC/CGEIT/ISO 27001 or any other security-related certifications are preferred.
Skill Requirements
Primary Skill: Information Risk Management/Information Security or auditing
Secondary Skill: Understanding of general IT Control framework, BCM Concepts, Privacy, Vendor risk management, Legal and Regulatory requirements in relation to Information Security and IT
Required Experience and Educational Qualification:
- Minimum of 8-14 years of experience in Information Risk Management/Information Security or auditing.
- BE/BTech/BCA/BSc Comp Science/Any graduate with Computer Science diploma
Other relevant skills:
- Strong communication skills
- Ability to multi-task, prioritize, and meet timelines on deliverables
- Proficient in MS Office
- Team Management Skills
- Able to translate contractual terms into information security controls
Other Requirements
Additional details
- CV screening questions to ask candidates: Refer to the Role description
- Suggested keywords to search: CISA/CISSP/CISM/CRISC and ISO 27001
- Competitor organizations to look for: Any reputed organization
- CVs to exclude: Quality management system, QMS, Financial assessment/auditing, Marketing, Call center, Sales, Delivery
Experience guidelines: Minimum of 8-14 years of experience in Information Risk Management/Information Security or auditing