
Lead IS & IT GRC

New Era Solutions

Bengaluru

On-site

INR 12,00,000 - 18,00,000

Full time

2 days ago

Job summary

A leading technology consultancy is seeking a highly skilled Lead IS & IT GRC professional to spearhead GRC initiatives. This role is crucial for maintaining a robust governance framework, managing risks, and ensuring compliance with industry standards and regulations. Candidates should have a minimum of 5 years' experience in information security and demonstrated expertise in ISO/IEC 27001. Strong analytical, communication, and stakeholder management skills are essential. The position is based in Bengaluru, Karnataka.

Qualifications

  • Minimum of 5 years of experience in information security risk and compliance.
  • Experience in managing internal IT risk and compliance programs.
  • Proven expertise in ISO/IEC 27001 implementation.

Responsibilities

  • Conduct risk assessments to minimize business impact.
  • Ensure compliance with ISO/IEC 27001 standards.
  • Plan and execute audits with internal and external auditors.
  • Continuously improve information security processes.
  • Coordinate training programs for best practices in information security.

Skills

Analytical skills
Problem-solving skills
Communication skills
Interpersonal skills
Attention to detail

Education

Experience in information security risk and compliance management
Certifications like CISM, CISA, ISO 27001 Lead Implementer

Job description

About the Role

Our client is seeking a highly skilled Lead IS & IT GRC to lead the GRC (Governance, Risk, and Compliance) initiatives. This role involves updating and maintaining a robust governance framework, proactively managing risks, and ensuring compliance with relevant industry standards, regulatory requirements and legal requirements. This critical role will involve conducting periodic reviews, driving compliance initiatives, overseeing compliance findings, driving continuous improvement in our IS & IT GRC program, interfacing with audits and documenting processes to enhance the overall program maturity.

An experienced and highly skilled professional is required to assume the position of Manager, Information Systems & Information Technology Governance, Risk, and Compliance (IS & IT GRC). This role is of critical importance in safeguarding the organization's information infrastructure and assets. The selected candidate will be responsible for establishing and maintaining a robust governance framework, performing detailed risk analyses, and guaranteeing strict adherence to applicable industry regulations and legislative requirements. Key duties will include conducting regular reviews, implementing compliance protocols, rectifying compliance issues, leading continuous improvement initiatives within the IS & IT GRC program, managing review processes, and developing thorough procedural documentation to enhance the program's maturity.

Key Responsibilities
Risk Management & Assessment
  • Conduct risk assessments for new and existing services and technologies to minimize business impact and inform risk management decisions.
  • Identify, assess, and mitigate information security risks to protect organizational assets and reputation.
  • Maintain an up-to-date risk register.
Compliance
  • Conduct thorough assessments to evaluate compliance with ISO/IEC 27001 standards and our client's information security framework.
  • Maintain an up-to-date compliance calendar and track compliance activities.
  • Ensure effective documentation to support compliance. Ensure compliance with internal policies, relevant contracts, legal requirements, and regulatory guidelines such as RBI regulations.
Audit & Reporting
  • Plan and execute audits with internal and external auditors, ensuring thorough documentation.
  • Track audit findings and ensure they are addressed by relevant teams.
  • Prepare comprehensive audit reports for management.
Process Improvement
  • Continuously improve and maintain information security processes, procedures, and policies aligned with industry best practices and regulatory requirements.
Awareness & Training
  • Coordinate training programs with the L & D team to educate employees, contractors, and system users about information security best practices and their responsibilities.
Stakeholder Collaboration
  • Work with internal and external stakeholders to coordinate audits, manage security projects, and align compliance initiatives.
Governance & Compliance Framework
  • Ensure that technological governance, risk, and compliance frameworks support strategic objectives and meet audit, legal, and risk-management obligations.
Qualifications
  • A minimum of five (5) years of professional experience in information security risk and compliance management within a complex organizational setting is required.
  • Preference will be given to applicants possessing experience in the development and management of internal IT risk and compliance programs, rather than advising external clients or conducting audits.
  • Essential skills include proven expertise in ISO/IEC 27001 implementation, maintenance, internal review procedures, and managing ongoing maintenance projects. The role also requires experience in liaising with non-technical departments.
  • A robust understanding or practical engagement with ISO 27001, PCI DSS and SOC2 standards is necessary.
  • Experience in organizations subject to regulatory oversight by the RBI, NPCI, SEBI or IRDAI is advantageous.
  • A comprehensive knowledge of information security operational processes and technologies is critical.
  • Advanced documentation and reporting capabilities are mandatory.
  • Exceptional stakeholder management skills are requisite.
  • Certifications such as CISM, CISA, ISO 27001 Lead Implementer are highly desirable.
  • Experience within the financial services industry, with particular emphasis on regulated fintech, is considered a significant asset.
Skills and Attributes
  • Strong analytical and problem-solving skills.
  • Excellent communication and interpersonal skills.
  • Ability to work independently and as part of a team.
  • Strong attention to detail.
  • Ability to adapt to a fast-paced environment.