Job Summary

GRC Lead : The GRC – Risk & Compliance SME (Level 2) is responsible for assessing, implementing, and supporting governance, risk, and regulatory compliance programs across enterprise IT environments. The role focuses on conducting independent risk and compliance assessments, supporting regulatory and customer audits, monitoring adherence to IT security and data privacy requirements, and driving remediation of audit findings. Working closely with client stakeholders and internal teams, the SME supports the development and enhancement of risk and compliance frameworks, ensures GDPR and regulatory compliance, and contributes to continuous improvement of governance and information security practices in line with contractual and regulatory obligations

Key Responsibilities

Performing independent Assessment & recommend mitigation strategies on client’s Governance Risk & compliance environments like ITGC, GDPR, German Data protection Act etc.\r\n• Participates in process and control documentation pertaining to controls implementation.\r\n• Participates in regulatory audits (process and IT) and management reporting.\r\n• Facilitates IT governance implementation.\r\n• Research and Development in best practices around core business processes, IT security.\r\n• Develop service offerings for various industry regulatory and compliance requirements.\r\n• Development and implementation of operational and enterprise risk frameworks.\r\n• Liaise on with Client counterparts for compliance reporting & continually enhancing the risk & compliance framework implemented for the project.\r\n• Drive & participate in different Risk, Compliance & Audit program and support all external/internal compliance assessment\r\n• Drive/assist closure of audit non-conformities\r\n• Monitor compliance with various contractual IT security requirements, customer policies/procedures\r\n• Ensure relevant data privacy controls were deployed and GDPR requirements are monitored\r\n• Point of contact for reporting & investigation of any relevant data breach\r\n• Perform assessment to ensure that data privacy requirements were met\r\n• Perform Delivery Center Assessment and submit report with mitigation/management response \r\n

Skill Requirements

Years of Experience:\r\n• 6 to 10 Years\r\nRequired skills:\r\n\r\n• Functional experience in domain of Governance, Enterprise Risk Management and Regulatory Compliance.\r\n• Experience in regulatory compliance like, BaFIN, MARisk, KRITIS,, ITGC, General Data Protection Regulation (GDPR), German Data protection Act etc.\r\n• A solid understanding of IT control frameworks and IT general controls\r\n• Working knowledge of overall risk management process that is conducting/participating on internal/external risk assessments and remediation process.\r\n• Must have experience of conducting risk, compliance & audit programs\r\n• Experience in managing large scale information security projects\r\n• Experience across multiple Information Security domain i.e. IT Regulatory/policy Compliance, IS Governance, Risk Management, IT Infrastructure Security\r\n• Have good technical awareness on Information security & IT network/infrastructure components\r\n• Open to learning and working on new domains and technology\r\n• Open to travel onsite for long term as well as short term. \r\n• Good written and spoken communications skills Good written and spoken communications skills Good knowledge on Aruba ClearPass NAC integration with wired and wireless authentication along with Secure network access (Profiling and Posturing)\r\n• Good hands-on experience in administration of Zscaler proxy solution i.e. Zscaler Client connector, Traffic forwarding, authentication & Security policy configuration \r\n\r\nQualification:\r\n• B.E/B.Tech CISA/ CISM/CISSP certification, ISO 27001 (Lead Auditor) preferred\r\n

Other Requirements

Candidate should be flexible to work in 24*7 work environment or EU time zones