Deputy Vice President - Governance, Risk & Compliance

Gurugram, India

SBI Card

Credit Card - SBI credit card offers amazing deals, rewards & offers for all types of spends. Know more about our credit card services. Apply now!


Policies, Procedures and Standards:
- Perform risk assessments that address security threats, changes to systems and/or applications, process improvement initiatives, supplier assessments (including downstream outsourcers) and other requests from the business, in line with the GRC roadmap.
- Act as security risk management ambassador to internal customers.
- Establish and maintain security metrics and reporting.
- Ensure implementation of, and compliance with, requirements derived from the applicable legal and regulatory frameworks.
- Support responses to customer security/compliance questionnaires.
- Work with the various operational and business teams to build a cohesive view of security risk and drive remediation items to closure. Maintain accurate reporting of remediation activities to give stakeholders appropriate visibility.
- Monitor the security risk profiles of our suppliers to objectively identify high-risk suppliers that require additional review.
- Work with business and technical team members, third-party vendors and auditors to ensure adherence to the relevant compliance standards.
- Ensure timely closure of action points and observations from the various audits and assessments.
- Participate in planning, scheduling and preliminary analysis for all internal and external audits, such as ISO 27001 and PCI DSS.

Information Security Performance Management:
- Ensure that the metrics used to evaluate the information security programme are tracked and reported.
- Implement the recommendations provided for areas needing improvement.
- Drive closure of observations from the various audits and assessments in a timely manner.
- Monitor compliance with information and cyber security policies/standards and with applicable laws, regulations and standards, including ISO 27001, PCI DSS and COBIT.
- Recommend improvements in processes and control procedures, in the effectiveness and efficiency of control mechanisms, and in methods of risk reduction, to comply with the relevant standards.
- Conduct compliance assessments and provide advice and guidance on applications, technology and operations for the various compliance requirements.

Information Security Exception Management:
- Support the information security exception management process.
- Support regular reviews with senior management to present a view of aggregate information security risk to SBIC.
- Implement improvements to reduce the number of exceptions.

Information Security Awareness/Trainings:
- Actively participate in delivering information security awareness training and keep track of compliance.
- Support evaluation of the effectiveness of awareness and training programmes and make recommendations for improvement.
- Conduct knowledge transfer sessions for the security operations team when new technology is implemented.

Project/Work Planning
- Provide project management support for information risk management projects.
- Ensure timely, quality delivery of projects while adhering to project budgets.
- Liaise with IT teams to ensure security is engaged in all projects.

Financial Management:
- Manage the various RFP processes within the parameters of cost, quality, schedule and business objectives.
- Manage sourcing processes, including invoicing, purchase requests and purchase orders.
 

Technical Skills / Experience / Certification

Risk-related industry-standard certifications such as CISA, CISM or CISSP.

Competencies critical for role

1. Sound knowledge of industry best practices and widely used frameworks and standards such as ISO 27001:2013, COBIT, NIST and PCI DSS, and of regulatory requirements such as RBI guidelines.
2. Experience with enterprise IT systems and security technologies such as DLP, firewalls, WAF and proxies.
3. Prior experience in performing security risk assessments.
4. Good analytical, problem-solving and interpersonal skills.
5. Good documentation and communication skills, including conducting internal assessments of IT policy, standard and process compliance against IT audit standards.
6. Experience in working independently and within a team at all levels.
7. Ability to handle high-pressure situations with key stakeholders.
 

Must have Qualification:

A bachelor's degree in a related area such as Computer Science or Information Technology.
Postgraduate degree in any discipline (not mandatory).
• Risk-related industry-standard certifications such as CISA, CISM or CISSP are strongly preferred; ISO 27001 and PCI certifications are an added advantage.
• Strong risk assessment capabilities across technologies and platforms and a broad range of industries.

Overall experience: 12+ years

Relevant experience with respect to the role: 8+ years

Preferred Industry: BFSI, NBFC, ITES, Telecom
