Company: Aviva India
Location: Gurugram, Haryana, India
LinkedIn post

Key Responsibilities


• Lead the Governance, Risk, and Compliance (GRC) initiatives, ensuring alignment with local and global standards.

• Oversee comprehensive risk management processes, including the identification, evaluation, and prioritization of risks associated with information security, privacy, and regulatory compliance.

• Ensure rigorous compliance monitoring across various regions, maintaining adherence to industry standards and government regulations such as IRDAI, ISO 27001, NIST, and CERT-IN.

• Develop, review, and refine policies, standards, and procedures to uphold compliance and address evolving regulatory landscapes.

• Execute thorough vendor risk assessments to guarantee that third-party vendors align with stringent security requirements.

• Implement and evaluate robust security controls and frameworks, ensuring their effectiveness in safeguarding organizational assets.

• Engage in proactive research to bolster threat assessment capabilities and enhance risk mitigation strategies.

• Design and deliver comprehensive training and awareness programs to foster a culture of compliance and risk management across the organization.

• Demonstrate hands-on expertise in conducting and managing IT general control audits, with a focus on continuous improvement.

• Manage vulnerability assessment programs, ensuring timely identification and remediation of security gaps.

• Formulate and execute business continuity and disaster recovery (BC/DR) strategies to minimize operational disruptions and ensure resilience.


Key Competencies


• Has the capability to drive projects to fruition, no matter how complex or ambiguous the environment.

• Thrives in a cross-functional, fast-paced environment. Is not afraid of rolling up their sleeves and getting their hands dirty with minute details.

• Strong problem-solving skills and a willingness to learn and adapt in the product management field.

• Effective communication and collaboration within a cross-functional team.

• Eagerness to stay updated on industry trends and integrate them into product development.


Qualifications


• A bachelor’s degree in Information Technology, Cybersecurity, or a related discipline is required.

• A minimum of 5-7 years of experience in GRC, information security, or a related area within the BFSI sector.

• Professional certifications such as CISM, CISA, or CRISC are desirable.

• A deep understanding of regulatory frameworks and standards like NIST, ISO, and BCMS is essential.

• Good communication skills, with proficiency in articulating complex concepts to diverse audiences.