Responsibilities:
- Risk Management: Conduct risk assessments to find and prioritize potential threats and vulnerabilities in operations and IT systems.
- Compliance Monitoring: Track changes in laws, regulations, and standards (like ISO 27001) to maintain compliance.
- Process Development: Help create and update GRC processes and procedures that align with best practices and requirements.
- Audits and Assessments: Support internal and external audits and provide documentation to show compliance.
- Remediation Tracking: Report control failures, track fixes, and ensure corrective actions are taken.
- Control Testing: Provide expert guidance on regulatory changes and emerging security threats, ensuring the organization remains compliant and secure.
- GRC practices and security awareness.
Required Skills & Experience:
- Experience in core IT Risk, Compliance, and security projects.
- Broad understanding of cyber security concepts and risks.
- Experience in assessing audit findings / gaps, including control weaknesses, in coordination with different stakeholders, and in assisting with the development of management action plans.
- In-depth understanding of security classification, change controls, SDLC, security controls, and application controls, including interfaces and configurations on a variety of applications, operating systems, databases, and networks.
- Hands-on experience in Internal and External Audit.
- Control Testing and Risk Management.
- Knowledge in ITGC & ISMS.
- Knowledge in Architecture Design and Network-related areas would be a plus.
- Experience with Telecom Domain and cybersecurity concepts is beneficial.
- Certifications (Preferred): Certifications such as ISO 27001 LA/LI, CISM.
- Good English communication is required.