Responsibilities :

- Lead the team of GRC professionals and executing advisory & consulting projects around regulatory risk & compliances such as ISO 27001, ISO27701, HIPAA, GDPR etc.

- Oversee the delivery of services related to pre-preparedness for an information security audit (ISO 27001, ISO27701, HIPAA, GDPR etc.), risk management, and security awareness

- Document, review and update information security policies and associated procedure documentation at client end

- Assess the security controls and practices (policies, procedures etc.) to identify the non-compliant

- Collaborate with other departments to ensure compliance with regulatory requirements

- Support teams to conduct regular security assessments and audits to identify vulnerabilities and gaps in the organization's security posture

- Lead the development and execution of security awareness and training programs for employees

- Execute information security assessment, risk assessments pertaining new clients/vendors onboarded.

Requirements :

- Bachelor's degree in any field with experience in information security, cybersecurity etc., or a related field

- 8-10 years of experience in governance, risk & compliance

- Experience in managing and leading a team of GRC professionals

- Excellent communication, and interpersonal skills, with the ability to articulate complex cybersecurity concepts to non-technical stakeholders

- Basic/advanced understanding of Information Security and standards such as ISO 27001, ISO27701, HIPAA, GDPR etc.

Good to have :

- Knowledge of Data Privacy Requirements and Cyber Laws across countries.

- Technical knowledge of security principles around Network Security, Perimeter Security, Data Security, End User System Security etc.

- CISA, CISSP, CISM certifications are added advantage