The Job Responsibilities include:
--Oversee development and implementation of a risk assessment framework.
--Ensuring governance of the organization's Information Security Policy and Standards across all business units and support functions, based on ISO 27001 and other mandatory checks.
--Build, maintain and ensure adherence to the IT Governance, Risk & Compliance framework, and monitor the applicability, effectiveness and efficiency of the processes, policies, procedures and standards.
--Experience with various IT service management standards such as ITIL and IS management standards like NIST, ISO 27001, ISO 31000 and ISO 22301. Also have knowledge of PCI DSS V3.
--Processing continual improvement of documented IT processes from a risk perspective.
--Respond to departments' execution, goals and objectives, assuring that processes, policies and standards provide measurable results while complying with business goals and regulatory requirements.
--Liaise with IT management in monitoring risk management processes and collaborating on any required remediation; coordinate IT responses to internal and external audits.
--Ensuring an appropriate level of risk oversight is provided over outsourcing partners and other strategic suppliers, in particular the infrastructure and operational service provider, as required by the regulator and Group Standards.
--Act as the IT controls knowledge expert and point person by working and coordinating with management, audit and other areas of the organization.
--Develop reports for the executive audience on standards governance activities and assist management in monitoring IT audit remediation efforts.
--Manage the Moody's audit and external audit by coordinating with third parties, regulators and external auditors.
--Provide timely and accurate reporting (monthly, quarterly and ad-hoc) for key stakeholders.
--Managing information security projects: requirements gathering, co-ordination, creation and maintenance of the project plan, project documentation and effective knowledge transfer.
--Report daily, weekly and monthly as per project requirements.
--Developing and delivering security awareness training sessions to existing employees and new joiners in the organization.