Job Description
Our organization is seeking an experienced resource to manage the Governance, Risk and Compliance role in line with ISO 27001 and other applicable laws, regulations, and standards.
The ideal candidate should have hands-on, extensive knowledge of these requirements and experience in managing policies and procedures.
The candidate will be responsible for conducting Audits and Assessments and coordinating with various stakeholders, validating artefacts, and providing support during ISMS audits.
JOB RESPONSIBILITIES:
This multi-faceted, proactive role ensures that UPL IT Infrastructure and Applications are secure, protected, up to date in the face of known and emerging cyber threats, and fit for purpose. It contributes to the resolution (and avoidance) of security issues and ensures that all IT Security tools and the IT Infrastructure, Virtual & Cloud environments, WAN/LAN and Wireless are secured and adhere to the IT Security controls and Policies.
The ideal candidate will have strong experience in and knowledge of governance, risk, compliance, data privacy and data protection.
The responsibilities to be carried out during the services are as follows:
- Work with internal stakeholders (HR, Legal, Delivery Units, Cyber Security, Physical Security and other teams) globally through the lifecycle of Assurance services.
The Assurance services include coordination and support for the following:
1. Audits based on ISO27001:2013, NIST CSF, NIST-800-53 and similar applicable standards, policies, laws and regulations
2. Business Impact Analysis
3. Third-party risk management
4. Risk Management
- Coordinate with internal teams on measuring effectiveness of KPIs and track them till closure
- Serve as subject matter expert to address audit and assessment requirements
- Work on information security consulting and security assessment projects with Big 4s
- Lead closure of audit observations via the enterprise risk and issue management process and work with delivery and enterprise leaders for timely resolution of audit issues
- Work on requirement gathering on risk management portal enhancements and drive implementation with internal development teams
- Coordinate efforts with internal stakeholders to work on compliance and documentation for architecture, logic and configurations, including but not limited to maintenance of SOPs, solution documents and access control documents
- Serve as subject matter expert on Cyber analytics tool
- Drive information security controls implementation along with the IT team and govern through periodic follow ups and management reporting
- Engage with vendors and customers for ongoing engagements and future requirements with regard to enterprise security controls obligations and improvements
- Participate diligently in status calls and review meetings with the CISO leadership team and create reports, dashboards, metrics for enterprise security compliance & assurance operations and presentation to CISO and enterprise leadership
- Review and proactively recommend Information Security metrics and follow-up with SPOCs for closure
- Help identify potential threats and vulnerabilities to the company's critical functions and infrastructure, and assess the likelihood and impact of such threats on business operations.
- Develop and deliver security awareness training concerning the programs to staff members
- Bachelor's / Master's degree in Computer Science, Information Security, or a related field.
- Minimum of 5 years of experience in Information Security Governance.
- CRISC, CISA, ISO27001:2013 Lead Implementer or Lead Auditor certification preferred.
- Hands-on experience conducting ISO27001:2013 Audits or Assessments on Cybersecurity solutions such as EDR/XDR, MDM, DLP, SIEM and similar technologies.
- Experience developing and implementing information security policies, standards, and procedures.
- Knowledge of security frameworks such as ISO 27001, NIST, and SOC II Type II Controls.
- Strong understanding of risk management and risk assessment methodologies.
- Ability to communicate technical information to non-technical audiences.
- Strong analytical and problem-solving skills.
- Self-starter with demonstrated initiative and hands-on
- Strong drive with the ability to make things happen.
- Comfortable in a dynamic environment.
- Good communication skills; experience working with international clients will be preferred.
Skills
IT Governance, IT Compliance, Information Security, IT Infrastructure, IT Security, IT Risk Management
Important dates & deadlines?
Application Deadline
22 Aug 26, 02:55 PM IST