Posted 11 months ago

Cybersecurity Expert (GRC)


10-18 Years



Job Description

I. Skills and Competencies

  • Implement and oversee enforcement of policies, procedures, standards and associated plans based on industry-standard best practices (ISO 27001, NIST, PCI-DSS, etc.)
  • Perform technology based risk assessments, 3rd party risk assessment, M&A security governance and exception management against the Company standards for applicable scenarios & manage risk to an acceptable level
  • Perform technology security review on application, infrastructure & cloud
  • Maintain continuous compliance of user access management on network, servers and applications
  • Maintain continuous compliance with network, servers, applications and workstation configurations against the security and hardening standards
  • Prepare compliance reports and remediation details from periodic review of application, workstation, servers, and network device configuration
  • Maintain continuous compliance of Data Loss Prevention (DLP) and CASB for all applications, infrastructure and systems supporting Company operations to prevent data leakage
  • Perform risk assessments on applications during the SDLC and compliance checks related to access control and data sanitization
  • Identify, document and maintain the information security risk register and report to the security lead and other stakeholders
  • Provide monitoring, independent oversight and facilitate the execution & continuous improvement of 3rd party risk management and M&A programs and processes
  • Influence Security Control Automation efforts, security and compliance at scale
  • Represent the Company's security posture in internal & external audits
  • Drive security awareness & conduct regular training on the Company’s security policy and standard requirements through training, communication, and workshops

II. Education and Experience Qualifications: 

  • Bachelor’s degree in information technology or other related field
  • At least 5 years of working experience related to information security practices with a minimum of 3 years in GRC domains
  • Excellent understanding & experience of security policy management, security standards and frameworks such as CSA CCM, ISO 27001:2013, NIST CSF, PCI-DSS, SOX and SOC2
  • Solid understanding of operational and organizational structures, and experience in global, matrix organizations, Vendor & 3rd party Risk Management
  • Strong skills in security principles such as least privilege access, defense in depth, preventative vs detective controls, network security, cloud security, application security, endpoint security, data protection, and incident response
  • Experience with agile approaches and experience in DevOps or DevSecOps, and how they impact risk management and compliance
  • Possession of information security certifications, such as CISSP/CISM/CRISC/CEH/ISO 27001
  • Experience in HLD & LLD review and driving cross-functional programs
  • Excellent problem solving, interpersonal, communication and presentation skills

III. Preferred:

  • ISO 27001, CISA certification (Any One)
