GRC Consultant

Job Description

• Catering to Bank’s requirements related to IT and IS governance, risk, and compliance

• Ensure continuous review an updation of security policies processes, Guidelines and SOPs.

• Assist Bank in development and review of ISMS framework, IS Architecture, risk management framework, privacy framework based on regulatory guidelines and best practices (such as RBI, GoI, ISO, NIST, SANS, MITRE,

CIS etc. and Indian laws and regulations as amended from time to time

• Ensure compliance with relevant industry standards and RBI regulations

(e.g., RBI, Data Localization, Master Direction, PCI-DSS, ISO 27001, UIDAI and

other regulatory compliance & audits

• Conduct gap analysis to identify areas where compliance improvements are needed.

• Conduct gap analysis and privacy reviews

• Conduct risk assessment and develop risk mitigation strategies and risk management framework

• Assist Bank in developing, amending, reviewing, and updating Bank’s IT and IS polices and frameworks

• Assist Bank in developing baselines for Bank’s IT environment

• Developing, reviewing, and updating Bank’s KPIs and KRIs related to IS and Cyber Security

• Monthly reports related to KPIs and KRIs related to IS and Cyber Security.

• Ensuring compliance to statutory and regulatory directions and guidelines of Government of India, RBI, and other agencies

• Developing and imparting Cyber Security awareness programs for the Bank for end users, server administrators, network administrators etc.

• Developing, reviewing, and updating procedures and guidelines related to IS and CS

Qualification & Skills

• 5-8 years of experience in GRC

• Bachelor’s/master’s degree in computer science/Computer Engineering/ IT/ Electronics & Communication or MCA

• Experience in risk & privacy management, security policies, procedures, governance, and compliance

• Deep Understanding of standards related to NIST, ISO etc.

• Excellent written and verbal communication skills.

• Knowledge of Security legislation and regulatory frameworks (e.g., CISA, RBI, DPA, PCI-DSS, GDPR)

• Security methodologies and industry standards

(e.g., ISO27001)

Certifications

CISA/ CISM/ CISSP/

ISO 27001 LI/

LA and Certified Privacy Professional

ISO 27701

certification desirable