Job Title:
Lead - Governance, Risk and Compliance (GRC)
Company: ARCON
Location: Mumbai, Maharashtra
Created: 2026-04-22
Job Type: Full Time
Job Description:
Company Overview:
ARCON is a globally recognized Identity-as-a-Service provider with a wealth of experience in risk management and continuous risk assessment tools, committed to excellence, innovation, and security. Our award-winning solutions portfolio includes our Privileged Access Management (PAM) solution along with Identity and Access Management (IAM), Endpoint Privilege Management (EPM), and Cloud Governance (CIEM), among others. Our world-class training, deployment, and support help organizations optimize their experience with our solutions right from the procurement stage and configure our solutions to meet every challenge, supporting growth and scalability. ARCON is a leading cybersecurity organization, and we pride ourselves on fostering a culture of continuous learning and professional development.
Website:

Responsibilities Area:
- Develop and ensure all policies, procedures and guidelines are in line with industry frameworks (ISO 27001, NIST, CIS, GDPR, HIPAA)
- Create and drive the cyber awareness program across the organization
- Ensure compliance of the product's security assessments
- Implement security controls, a risk assessment framework, and a program that align to best practices and regulatory requirements
- Develop and publish cyber security metrics
- Ensure company audit certificates are up to date for product compliance

Governance, Risk & Compliance (GRC) is a very important role which will ensure the successful delivery of the GRC function's roles and responsibilities. The key requirement of this role is to remain current on best practices and technological advancements.

The incumbent will handle the following responsibilities:
- Develop policies, procedures and guidelines in line with current cyber risks
- Create and drive the cyber awareness program across the organization
- Ensure the product's security assessment audits are compliant
- Implement security controls, a risk assessment framework, and a program that align to best practices and regulatory requirements
- Develop and publish cyber security metrics
- Coordinate internal and external audits (ISO 27001, NIST, SOC 2, PCI DSS, GDPR compliance program)
- Ensure that product-related TPRM assessments are compliant

Develop and ensure all policies, procedures and guidelines are in line with current cyber risks:
- Work with business teams to understand the business's current and future needs from a cyber security perspective and identify risks.
- Develop/review required cyber security policies, procedures and guidelines in consultation with key stakeholders.
- Share policies and processes with all users appropriately, using mediums such as emailers, e-modules, workshops, quizzes etc., and ensure adherence.
- Assess the efficacy of security controls; document and report control failures and gaps to stakeholders.

Create and drive the cyber awareness program across the organization:
- Create a holistic cyber awareness program by looking at the types of users and the industry.
- Drive the security awareness program across the organisation using mediums such as workshops, drills, emailers, phishing campaigns, e-modules, quizzes, Digi TALKS etc. on cyber security do's and don'ts, and execute awareness programs effectively to enhance overall cyber security awareness.
- Provide remediation guidance and prepare management reports to track remediation activities.

Ensure the product's security assessments:
- Collaborate with stakeholders and clients to identify critical areas for assessment.
- Ensure key information security risks and issues are identified, addressed and resolved in a timely manner.
- Create a schedule of assessments for the critical products.
- Maintain records of the assessments.
- Assist with the Third Party Risk Management framework, including policy updates, procedures, due diligence questionnaires and the monitoring of third parties' adherence to information security and data privacy obligations.

Implement security controls, a risk assessment framework, and a program that align to best practices and regulatory requirements:
- Collaborate with stakeholders to identify cyber risks.
- Take actions to address cyber risks.
- Maintain the cyber risk register.
- Create and maintain the risk acceptance process.

Develop and publish cyber security metrics:
- Build and share cyber security metrics with the CISO and management.
- Help the CISO in cyber GRC-related and other cyber security matters.
- Develop relevant metrics, analyse data, identify trends and help drive improvements to the control environment.

Qualifications:
Essential: Bachelor's in Engineering (Computer Applications / Information Technology / Cyber Security / Electronics and Telecom)
Preferred: Relevant industry certification such as ISO 27001 Lead Auditor/Lead Implementer, CISA, CISM, CCSP etc. (at least two) is highly desirable.

Requisite Experience:
Essential: 10 years' experience in cyber security, of which a minimum of 6 years in GRC.
Preferred: Experience of leading ISO 27001, SOC 2 Type 2 and PCI DSS certified programmes.
Excellent interpersonal skills, comfortable working at all levels within an organisation and in a wide variety of situations.