We are currently looking for an experienced IT Security Auditor and GRC subject matter expert (SME) who will be a key resource to grow the Governance, Risk and Compliance (GRC) practice for intiGrow — both for India as well Global operations. The person will be responsible for conducting audits at client locations, make recommendations to achieve compliance, implement various information security frameworks and standards and serve as an internal and external information security GRC expert.
- Should have 4 to 6 years of progressive experience in Governance, Risk, and Compliance (GRC) field with specific focus on IT Security Audit functions in mid to large sized organizations;
- Should have experience of having conducted IT Security Audits in various types and sizes of organizations and helped them achieve compliance with industry best practices, internationally accepted standards (ISO 27001, 20000, 22301) and frameworks (COBIT, ITIL);
- Should have experience in implementing and maintaining an incident management, change management, problem management process in a medium to large sized organization;
- Should be capable of maintaining an effective Information Security Management System in compliance with ISO 27001 (or similar) company imperatives;
- Should be able to conduct training and mentor other members related to ISO 27001, 20000 (or similar) standards;
- Should be experienced in implementing international standards like ISO 27001, 20000 (or similar) and ITIL framework;
- Be able to bring in IT security best practices to identify data owners, custodians, approvers, reviewers, etc and be able to manage all related documentations and records in appropriate manner;
- Should be capable in co-coordinating with the concerned team on conducting Vulnerability Assessment and Penetration Testing on systems/network;
- Should have one or more of the following certifications: CISA, ISO 27001 LA , ISO 20000 LA, BS25999 LA, CISSP, ITIL v3;
- Should fluent on the Indian as well as international legislations/compliance bodies like SOX, GLBA, HIPAA, FISMA, FFIEC, PCI etc. pertaining to Information Security.
- Should have adequate experience on team management
- Should possess excellent communication and inter-personal skills
- Strong process orientation and documentation capabilities are highly desirable
- Good technical troubleshooting skills
- Conduct IT Security Audits for intiGrow’s clients/customers and help them with achieving compliance;
- Implement information security policies and procedures for the organization to achieve ISO and / or other certifications;
- Perform information security risk assessments and serve as an internal auditor for security issues in intiGrow and for its clients;
- Review / Design security plans and processes and assist clients in implementation of the same;
- Advise the client organizations with current information security technologies and related regulatory issues
- Ensure that all the audit findings are closed in a timely manner and report findings to the leadership team for action and closure
- Monitor compliance with information security policies and procedures, referring problems to the appropriate department managers for intiGrow’s clients;
- Point out to clients, areas of security improvements and suggest measures to improve the information security posture;
- Work with Marketing and Sales teams in the process of identifying, qualifying and prospecting leads and opportunities — both in pre-sales and sales cycle.