Job ID : SU1034
Role : GRC Executive 1
Type of Employment : Permanent
Location : Hyderabad - Gachibowli / Uppal
Qualification : B.Tech or B.Sc (Stats)
Experience : 4 to 6 years
Role & Responsibilities
Experience in audits and assessments, preferably covering ISO 27001, SOC 1 and SOC 2 Type 2, GDPR and HIPAA.
Help manage the development and implementation of security policies, standards, guidelines and procedures to ensure the ongoing improvement and maintenance of the security posture in line with ISO 27001, SOC 1 and SOC 2, and GDPR standards and regulations.
Develop and maintain assessment checklists and documents. Conduct comprehensive risk assessments and prepare impeccable reports.
Conduct process-understanding discussions with clients as part of assessing the risks arising from their use of technology, and identify control gaps within their processes.
Perform SOC 1 and SOC 2 (System and Organization Controls) assessments in accordance with the attestation standards established by the AICPA (American Institute of Certified Public Accountants).
Assist in planning activities, development of the audit program, and execution of internal audits and IT control assessments in the following areas: cybersecurity, IT strategy and governance, IT operations, business continuity and disaster recovery, network and infrastructure security, cloud and third-party risk, programs and projects, application controls, and regulatory/compliance requirements.
Review current processes and controls against leading practice and industry frameworks, identify gaps in design and execution, and communicate issues and recommendations to engagement leads and client management.
Work with the client management team to assist in the implementation of new processes and controls to address key risks, as necessary.
Experience in identifying control gaps and communicating audit findings and control redesign recommendations to senior management and clients.
Candidates should have sound knowledge of Business Impact Analysis, risk assessment methodology, and the business continuity standard.
Candidates should have sound knowledge of information security policies and procedures, including the Statement of Applicability.
Technical knowledge of information security and privacy is preferred.
ISO 27001 LA (Lead Auditor) certification is mandatory.
Information Security Management System