Deputy Vice President - Governance, Risk & Compliance
Gurugram, India
SBI Card
Policies, Procedures and Standards:
- Perform risk assessments that address security threats, changes to systems and/or applications, process improvement initiatives, supplier assessments (including downstream outsourcers) and other requests from the business in line with the GRC roadmap.
- Act as security risk management ambassador to internal customers.
- Establish and maintain security metrics and reporting.
- Ensure implementation of, and compliance with, requirements derived from various legal and regulatory frameworks.
- Support responses to customer security/compliance questionnaires.
- Work with various operational and business teams to drive toward a cohesive view of security risk and drive remediation items to closure. Maintain accurate reporting of remediation activities to give stakeholders appropriate visibility.
- Monitor the security risk profiles of our suppliers to objectively determine which high-risk suppliers require additional review.
- Work with business and technical team members, third-party vendors and auditors to ensure adherence to various compliance standards.
- Ensure timely closure of action points and observations from various audits, assessments etc.
- Participate in planning, scheduling and preliminary analysis for all internal and external audits such as ISO 27001, PCI DSS etc.
Information Security Performance Management:
- Ensure metrics to evaluate the information security programs are tracked and reported.
- Implement recommendations provided for areas needing improvement.
- Drive closure of observations from various audits / assessments in a timely manner.
- Monitor compliance with information and cyber security policies/standards, applicable laws, regulations, and standards including ISO 27001, PCI DSS, COBIT etc.
- Recommend improvements in processes and control procedures, in the effectiveness and efficiency of control mechanisms, and in methods of risk reduction to comply with various standards.
- Conduct compliance assessments and provide advice and guidance on applications/technology and operations for various compliance requirements.
Information Security Exception Management:
- Support the Information Security Exception management process.
- Support regular reviews with senior management to present a view of aggregate information security risk to SBIC.
- Implement improvements to reduce the number of exceptions.
Information Security Awareness/Trainings:
- Actively participate in delivering Information Security Awareness trainings and keep track of compliance.
- Support evaluation of the effectiveness of awareness and training programs and make recommendations for improvement.
- Conduct knowledge transfer training sessions for the security operations team upon technology implementation.
Project/Work Planning:
- Provide project management support for information risk management projects.
- Ensure timely and quality delivery of projects while adhering to project budgets.
- Liaise with IT teams to ensure security is engaged in all projects.
Financial Management:
- Manage various RFP processes within the parameters of cost, quality, schedule and business objectives.
- Manage sourcing processes including invoicing, purchase requests and orders etc.
Technical Skills / Experience / Certification:
- Risk-related industry-standard certifications such as CISA, CISM, CISSP
Competencies critical for the role:
1. Sound knowledge of industry best practices and popular frameworks like ISO 27001:2013, COBIT, NIST and regulations like PCI-DSS, RBI
2. Experience with enterprise IT systems and security technologies like DLP, firewalls, WAF, proxy etc.
3. Prior experience in performing security risk assessments
4. Good analytical, problem-solving and interpersonal skills
5. Good documentation and communication skills; conducting internal assessments of IT policies, standards and process compliance against IT audit standards
6. Experience in working independently and within a team at all levels
7. Ability to handle high-pressure situations with key stakeholders
Must-have Qualifications:
- A bachelor’s degree in a related area such as Computer Science or Information Technology.
- PG: Any postgraduate degree (not mandatory).
- Risk-related industry-standard certifications such as CISA, CISM, CISSP are strongly recommended. Additionally, ISO 27001 and PCI certifications would be an added advantage.
- Strong risk assessment capabilities across technologies and platforms in a broad range of industries.
Overall experience in role: 12 + years
Relevant Experience with respect to the role: Relevant 8+
Preferred Industry: BFSI, NBFC, ITES, Telecom