- Looking for someone who is ISO 27001 (Lead auditor) certified.
- Minimum 40+ internal/client audits
- Prefer someone who has experience working with KPMG, E&Y, Deloitte, etc.
- Prefer Male candidates
Responsibilities:
- Ability to work across the Information Security organization and across the company with other technical and non-technical groups.
- Ability to analyse complex technical and business requirements from a security perspective and make appropriate recommendations to reduce the overall risk to a minimum.
- Foundational understanding of GRC functions and the ability to translate technical language and requirements to information digestible by the business
- Observes changes in prevailing regulations and accreditation standards affecting information security, and makes recommendations on the need for training changes
- Understand and discuss security policies and standards and how they align to their customer
- Understand the different regulatory compliance standards and can communicate how they are applicable
- Solving complex problems, escalating high priority issues or risks as appropriate, coordinating and scheduling meetings/events, attending security meetings, collaborating with business units to understand needs for cybersecurity training and education.
- Good Understanding of Third Party
- Basic understanding of PCI DSS / NIST / ISO 27001 frameworks
- Good Understanding of IRDAI Cyber Security Guideline
Required Minimum Qualifications:
- Bachelor’s Degree in Computer Science or related field or 2 years of experience in applicable role
- 4+ years of experience in a GRC function
- Strong ability to articulate business risks of technical issues to non-technical personnel
- Knowledge of core Information Security concepts related to Governance, Risk & Compliance
- Strong analytical / problem solving skills
- Broad knowledge of infrastructure (network and servers), services and security policies
- Demonstrated ability to work in a team environment
- Ability to act independently and exercise good judgment as well as the ability to work cross functionally and create virtual teams is essential
- Ability to prioritize and manage multiple tasks
Preferred Qualifications:
- Demonstrated understanding of internal security controls and the ability to assess risks and identify opportunities for improvement
- Expert knowledge of information security topics, system architecture and Internet technology
- For requirements it would be good to see experience in leading projects or managing a product deployment
- Strong analytical skills/problem solving/conceptual thinking
- Information Security certification; one or more of the following (CISM, CISA, CRISC or ISO 27000 Lead Auditor), or relevant certifications