GRC Specialist
Posted: July 4, 2024, 8:51 a.m. - Full Time - Ahmedabad
General Job Requirements
- Participates in a global security risk assessment program.
- Prepare and provide regular GRC Reports and Metrics (Weekly, Monthly, Quarterly, Yearly, Ad Hoc, etc.) to the Head Cybersecurity Specialist and CISO.
- Conduct Cybersecurity Risk Management, including Risk Assessments of the client Information assets and services, and work with the Risk Owners to mitigate the Risks through appropriate Cybersecurity Controls.
- Develop, maintain and regularly update a Cybersecurity Risk Register and contribute towards Cybersecurity improvements.
- Perform Compliance Management for the client Policies, Procedures, applicable Regulations as well as Standards and Audit recommendations.
Policies, Regulatory and Compliance
- Works with Internal Audit, Stakeholders, General Counsel and outside consultants as appropriate on required security assessments and audits.
- Assists in executing the strategy for dealing with an increasing number of audits, compliance checks and external assessment processes for internal/external auditors, PCI DSS, ISO, HIPAA, HITRUST, and NIST 800-171.
- Routinely completes privacy gap analysis of current laws and regulations and ensures organization’s compliance therewith.
- Coordinates and tracks all information technology and security related audits including scope of audits, timelines, auditing agencies and outcomes.
- Interact with Third-Party Suppliers / Vendors / Contractors / Consultants and ensure GRC projects are completed on time and within budget and desired quality.
- Provides guidance, evaluation and advocacy on audit responses.
PREFERRED SKILLS/EXPERIENCE
- Bachelor’s degree in Information Systems, Cybersecurity, or a related field preferred.
- Certifications that are strongly preferred (not required): CISA, CISSP, CISM and/or other security certifications.
- Experience in security governance, security compliance or risk management preferred.
- Experience in designing and implementing security standards and best practices.
- Experience in PCI DSS, ISO 27001, SOC2 audits is preferred.
- Experience developing and/or analyzing security policy.
- Hands-on experience in establishing and maturing an organization's Security Program.
PROFESSIONAL SKILLS
- Great problem-solving skills.
- Excellent collaboration skills – must be eager to work as part of a cohesive team and work as a partner to other teams within Aristocrat, Inc., locally and globally.
- Exceptional communication skills, including the ability to gather relevant data and information, connect through listening, dialogue freely, and verbalize ideas effectively.
- Proven presentation and facilitation skills.