GRC Specialist

Posted: July 4, 2024, 8:51 a.m. - Full Time - Ahmedabad

General Job Requirements

  • Participates in a global security risk assessment program.
  • Prepare and provide regular GRC Reports and Metrics (Weekly, Monthly, Quarterly, Yearly, Ad Hoc, etc.) to the Head Cybersecurity Specialist and CISO.
  • Conduct Cybersecurity Risk Management, including Risk Assessments of the client Information assets and services, and work with the Risk Owners to mitigate the Risks through appropriate Cybersecurity Controls.
  • Develop, maintain and regularly update a Cybersecurity Risk Register and contribute towards Cybersecurity improvements.
  • Perform Compliance Management for the client Policies, Procedures, applicable Regulations as well as Standards and Audit recommendations.

Policies, Regulatory and Compliance

  • Works with Internal Audit, Stakeholders, General Counsel and outside consultants as appropriate on required security assessments and audits.
  • Assists in executing strategy for dealing with the increasing number of audits, compliance checks and external assessment processes for internal/external auditors, PCI DSS, ISO, HIPAA, HITRUST, and NIST 800-171.
  • Routinely completes privacy gap analysis of current laws and regulations and ensures the organization’s compliance therewith.
  • Coordinates and tracks all information technology and security related audits, including scope of audits, timelines, auditing agencies and outcomes.
  • Interacts with Third-Party Suppliers / Vendors / Contractors / Consultants and ensures GRC projects are completed on time, within budget and at the desired quality.
  • Provides guidance, evaluation and advocacy on audit responses.

PREFERRED SKILLS/EXPERIENCE

  • Bachelor’s degree in Information Systems, Cybersecurity, or a related field preferred.
  • Certifications that are strongly preferred (not required): CISA, CISSP, CISM and/or other security certifications.
  • Experience in security governance, security compliance or risk management preferred.
  • Experience in designing and implementing security standards and best practices.
  • Experience in PCI DSS, ISO 27001, SOC2 audits is preferred.
  • Experience developing and/or analyzing security policy.
  • Hands-on experience in establishing and maturing an organization's Security Program.

PROFESSIONAL SKILLS

  • Great problem-solving skills.
  • Excellent collaboration skills – must be eager to work as part of a cohesive team and work as a partner to other teams within Aristocrat, Inc., locally and globally.
  • Exceptional communication skills, including the ability to gather relevant data and information, connect through listening, dialogue freely, and verbalize ideas effectively.
  • Proven presentation and facilitation skills.