Track Lead - Operational Risk, SAP Security
India
Job Description
Track Lead - Operational Risk, SAP Security
Noida, Uttar Pradesh

Job Summary

Security L2/L3 Skills and Experience • Security professional with at least 7-8 years of progressive, responsible, and diversified experience in Information security consulting, Third-Party risk management and auditing • Must have Bachelor’s degree in computer science, information systems or equivalent • Certified in industry accepted certifications such as CISA, CISM, CISSP, CRISC • GRC professional with good understanding of industry frameworks and standards • In-depth understanding of review process of current system security measure by performing security assessments to identify security gaps • Knowledgeable in various regulations like SOX, HIPPA, GDPR, GLBA, FISMA and standards like PCI DSS, SOC (service organization’s controls), ISO 31000 • In-depth experience on Third-Party Risk Management • Evaluating third party\'s cybersecurity control and ensuring they comply with organizations standards and industry best practices • Track and monitor the status of each due diligence review and communicate the status with management and key stakeholders on a regular basis • Articulate risks and potential options for remediation or compensating controls • Understand inherent risk assessment • Perform new and recurring third party security risk assessments, develop mitigation plans, and work with internal stakeholders to assign remediation-tracking responsibility • In-depth understand of GDPR, LGPD and other privacy requirements • Strong business and communication skills • Experience in driving meetings with stakeholders • Provide advisory and consulting to client on new trends and challenges in enterprise risk management • Experience in design and development of information security policies, standards, and guidelines • Experience on SIG (shared assessments), ISO 27001, NIST framework, SOC 1, SOC2, ISO 27001 and HIPAA • Has sound experience around implementation of security controls, risk assessment framework, and program that align to regulatory requirements, ensuring documented and sustainable compliance that aligns and advances customer business objectives • Design / modify Contract security language / security clauses • Co-ordinate and negotiate security clauses with Procurement team and Supplier • Experience on GRC platforms • Work with the client & technical teams for change request on any risk or control implementation as well as governance process • Participate in internal as well as external regulatory as well as IT security audits. • Understand IT Risks and define audit & governance mechanisms for assets, processes & physical security

Key Responsibilities

Security L2/L3 Skills and Experience • Security professional with at least 7-8 years of progressive, responsible, and diversified experience in Information security consulting, Third-Party risk management and auditing • Must have Bachelor’s degree in computer science, information systems or equivalent • Certified in industry accepted certifications such as CISA, CISM, CISSP, CRISC • GRC professional with good understanding of industry frameworks and standards • In-depth understanding of review process of current system security measure by performing security assessments to identify security gaps • Knowledgeable in various regulations like SOX, HIPPA, GDPR, GLBA, FISMA and standards like PCI DSS, SOC (service organization’s controls), ISO 31000 • In-depth experience on Third-Party Risk Management • Evaluating third party\'s cybersecurity control and ensuring they comply with organizations standards and industry best practices • Track and monitor the status of each due diligence review and communicate the status with management and key stakeholders on a regular basis • Articulate risks and potential options for remediation or compensating controls • Understand inherent risk assessment • Perform new and recurring third party security risk assessments, develop mitigation plans, and work with internal stakeholders to assign remediation-tracking responsibility • In-depth understand of GDPR, LGPD and other privacy requirements • Strong business and communication skills • Experience in driving meetings with stakeholders • Provide advisory and consulting to client on new trends and challenges in enterprise risk management • Experience in design and development of information security policies, standards, and guidelines • Experience on SIG (shared assessments), ISO 27001, NIST framework, SOC 1, SOC2, ISO 27001 and HIPAA • Has sound experience around implementation of security controls, risk assessment framework, and program that align to regulatory requirements, ensuring documented and sustainable compliance that aligns and advances customer business objectives • Design / modify Contract security language / security clauses • Co-ordinate and negotiate security clauses with Procurement team and Supplier • Experience on GRC platforms • Work with the client & technical teams for change request on any risk or control implementation as well as governance process • Participate in internal as well as external regulatory as well as IT security audits. • Understand IT Risks and define audit & governance mechanisms for assets, processes & physical security

Skill Requirements

Security L2/L3 Skills and Experience • Security professional with at least 7-8 years of progressive, responsible, and diversified experience in Information security consulting, Third-Party risk management and auditing • Must have Bachelor’s degree in computer science, information systems or equivalent • Certified in industry accepted certifications such as CISA, CISM, CISSP, CRISC • GRC professional with good understanding of industry frameworks and standards • In-depth understanding of review process of current system security measure by performing security assessments to identify security gaps • Knowledgeable in various regulations like SOX, HIPPA, GDPR, GLBA, FISMA and standards like PCI DSS, SOC (service organization’s controls), ISO 31000 • In-depth experience on Third-Party Risk Management • Evaluating third party\'s cybersecurity control and ensuring they comply with organizations standards and industry best practices • Track and monitor the status of each due diligence review and communicate the status with management and key stakeholders on a regular basis • Articulate risks and potential options for remediation or compensating controls • Understand inherent risk assessment • Perform new and recurring third party security risk assessments, develop mitigation plans, and work with internal stakeholders to assign remediation-tracking responsibility • In-depth understand of GDPR, LGPD and other privacy requirements • Strong business and communication skills • Experience in driving meetings with stakeholders • Provide advisory and consulting to client on new trends and challenges in enterprise risk management • Experience in design and development of information security policies, standards, and guidelines • Experience on SIG (shared assessments), ISO 27001, NIST framework, SOC 1, SOC2, ISO 27001 and HIPAA • Has sound experience around implementation of security controls, risk assessment framework, and program that align to regulatory requirements, ensuring documented and sustainable compliance that aligns and advances customer business objectives • Design / modify Contract security language / security clauses • Co-ordinate and negotiate security clauses with Procurement team and Supplier • Experience on GRC platforms • Work with the client & technical teams for change request on any risk or control implementation as well as governance process • Participate in internal as well as external regulatory as well as IT security audits. • Understand IT Risks and define audit & governance mechanisms for assets, processes & physical security

Other Requirements

Security L2/L3 Skills and Experience • Security professional with at least 7-8 years of progressive, responsible, and diversified experience in Information security consulting, Third-Party risk management and auditing • Must have Bachelor’s degree in computer science, information systems or equivalent • Certified in industry accepted certifications such as CISA, CISM, CISSP, CRISC • GRC professional with good understanding of industry frameworks and standards • In-depth understanding of review process of current system security measure by performing security assessments to identify security gaps • Knowledgeable in various regulations like SOX, HIPPA, GDPR, GLBA, FISMA and standards like PCI DSS, SOC (service organization’s controls), ISO 31000 • In-depth experience on Third-Party Risk Management • Evaluating third party\'s cybersecurity control and ensuring they comply with organizations standards and industry best practices • Track and monitor the status of each due diligence review and communicate the status with management and key stakeholders on a regular basis • Articulate risks and potential options for remediation or compensating controls • Understand inherent risk assessment • Perform new and recurring third party security risk assessments, develop mitigation plans, and work with internal stakeholders to assign remediation-tracking responsibility • In-depth understand of GDPR, LGPD and other privacy requirements • Strong business and communication skills • Experience in driving meetings with stakeholders • Provide advisory and consulting to client on new trends and challenges in enterprise risk management • Experience in design and development of information security policies, standards, and guidelines • Experience on SIG (shared assessments), ISO 27001, NIST framework, SOC 1, SOC2, ISO 27001 and HIPAA • Has sound experience around implementation of security controls, risk assessment framework, and program that align to regulatory requirements, ensuring documented and sustainable compliance that aligns and advances customer business objectives • Design / modify Contract security language / security clauses • Co-ordinate and negotiate security clauses with Procurement team and Supplier • Experience on GRC platforms • Work with the client & technical teams for change request on any risk or control implementation as well as governance process • Participate in internal as well as external regulatory as well as IT security audits. • Understand IT Risks and define audit & governance mechanisms for assets, processes & physical security

Information at a Glance

Why HCLTech?

At HCLTech, you'll supercharge your potential. You'll find your career. And you'll find your spark. All at a place that knows that helping its customers stay on top starts by putting its people first.

HCLTech is a global technology company, home to more than 227,000 people across 60 countries, delivering industry-leading capabilities centered around digital, engineering, cloud and AI, powered by a broad portfolio of technology services and products. We work with clients across all major verticals, providing industry solutions for Financial Services, Manufacturing, Life Sciences and Healthcare, Technology and Services, Telecom and Media, Retail and CPG, and Public Services. Consolidated revenues as of 12 months ending December 2026 totaled $14.7 billion.

23 Benefits At HCLTech, we believe in empowering our employees with comprehensive benefits that support their professional growth and enhance their well-being. When you sign up for a career with us, you gain access to: https://rmkcdn.successfactors.com/147eb21f/a701dca9-f32d-4fc9-9447-6.svg Industry-benchmarked compensation https://rmkcdn.successfactors.com/147eb21f/b0c54381-ddcc-4a33-9b35-9.svg Best-in-class healthcare benefits https://rmkcdn.successfactors.com/147eb21f/b73027be-7aae-4d36-a090-4.svg Personal time off https://rmkcdn.successfactors.com/147eb21f/d5b4fdfd-2e99-4e26-9878-9.svg Maternity and paternity benefits https://rmkcdn.successfactors.com/147eb21f/3d42b0fc-4652-435a-9ece-c.svg Access to skills / higher education programs/resources https://rmkcdn.successfactors.com/147eb21f/aeddeaf2-9e25-4584-ad11-d.svg Discounts on products and services via Benefit Box https://rmkcdn.successfactors.com/147eb21f/a9609a3b-2700-4b3c-9d90-a.svg Participate in CSR programs and live life with a purpose https://rmkcdn.successfactors.com/147eb21f/c6e33851-710f-4634-bd69-f.svg Opportunities to grow and advance your career Note: The benefits listed above vary depending on the nature of your employment and the country where you work. Some benefits may be available in some countries but not in all.