Job Description:
POSITION PURPOSE
The purpose of the position is to add value and improve the quality of the risk management and assurance functions of the ITGRC team.
A. KEY POSITION RESPONSIBILITIES
Sr. Key Responsibilities
1 Focus on maturing risk management and assurance processes
2 Evaluate adequacy and effectiveness of IT Controls
3 Maintain the Risk Control Matrix
4 Prepare, review and monitor KRIs (Key Risk Indicators) for IT processes
B. QUALIFICATIONS AND EXPERIENCE REQUIREMENT
Educational Qualifications
Essential | Any Science graduate
Preferred | B.E. / B.Sc (IT / Computer Science), B.C.A, MCA
Professional Qualifications
Essential | Cleared CISSP, CCSP examination; cleared CISA, CRISC examination
Preferred | Understanding of IT specific laws like IT Act, DPDP, etc.; knowledge of RBI, SEBI, IRDBT regulatory requirements
Work Experience
- 3-4 years in Infra Management / Network Management / Security Management /
Application Development
- 2-3 years in Auditing (preferably IT)
- Exposure to Information Security
- Exposure to standards/frameworks like COBIT, ISO, PCI DSS, NIST etc.
C. Organisation network and Interlinkages (To understand who are your Stakeholders)
Internal:
IT heads, Infosec, IS Audit
External:
D. COMPETENCY
a. Technical Skills
Skill | Attribute
Auditing Skills | Understanding and probing skills for ascertaining the observations
Information Security | Overall understanding of various information security solutions
Risk Management | Identifying, evaluating, remediating, reviewing risks.
b. Behavioural Skills
Competencies | Attribute
Entrepreneurial | To be enterprising and take ownership of our actions
Teamwork | Working collaboratively to achieve the common goals and be successful together
Strategic thinking | Assess complex situations, identify risks, and devise strategic solutions.
Communication | Convey complex security concepts, risks, and compliance requirements across the organization.
Documentation | Good documentation skills
Stakeholder Engagement | Building relationships with key stakeholders, including employees, regulators
Professionalism | To conduct your duties with good judgment and in good faith
Respect | To be sensitive and responsible for what we say and do.