Description

Job Title: Deputy Manager / Manager GRC
Location: Mumbai (Work from Office)
Employment Type: Full-time

Role and Responsibilities:

  • Governance: Develop, review, and update information security policies, procedures, and frameworks. Integrate security governance into the enterprise risk management framework.
  • Risk Management: Conduct comprehensive risk assessments. Develop and implement risk management strategies. Monitor and evaluate the effectiveness of risk management controls.
  • Compliance: Ensure compliance with regulatory requirements and industry standards. Manage and coordinate internal and external audits. Interact with regulatory bodies and external agencies.
  • Incident Management: Develop and maintain incident response plans. Assist with the investigation and resolution of security incidents. Conduct root cause analysis and develop preventive recommendations.
  • Training and Awareness: Design and implement security awareness training programs. Conduct periodic security training sessions and workshops. Assess and improve training programs based on feedback and incident trends.
  • Reporting and Documentation: Prepare detailed reports on information security governance, risk management, and compliance activities. Document and track issues, findings, and remediation efforts. Provide regular updates to senior management and stakeholders.
  • Policy and Procedure Management: Develop and manage the lifecycle of security policies and procedures. Ensure documentation is current, accurate, and accessible.
  • Audit Management: Manage stakeholder interactions regarding IT-related risks, audit findings, and compliance aspects. Work with external IS auditors/vendors to schedule, monitor, and close IT and IS-related issues.

Skills:

  • Strong oral and written communication, analytical, and problem-solving skills.
  • Superior organizational skills, along with time and team management.
  • Experience with project management tools like MS Project.
  • Proficiency in collaboration tools like SharePoint and Teams.

Education & certification:

  • Bachelor’s degree in Information Security, Computer Science, or a related field.
  • The following certifications would be an added advantage:
    • CISA, ISO27001, ISO22301, CISSP

Education

Bachelor’s degree in Information Security, Computer Science, or a related field. Certification would be an added advantage: CISA, ISO27001, ISO22301, CISSP