JOB SUMMARY:
The role is for an experienced GRC professional in cybersecurity to lead GRC activities and ensure smooth team operations. Key responsibilities include leading the Third-Party Risk Program, ensuring compliance, meeting KPIs, and managing third-party risks. The role will also support governance of the Cloud Centre of Excellence (CCoE), optimize cloud resources, automate risk management, establish risk assessment frameworks, maintain real-time dashboards, and ensure cybersecurity and IT compliance.
KEY RESPONSIBILITIES:
• Driving the Third-Party Risk Program
  o Ensure program compliance.
  o Meet program KPIs.
  o Report KPIs at defined frequencies.
  o Monitor KPIs on an ongoing basis.
  o Assist the team in managing and mitigating third-party risks.
• As part of the Risk Management Program (IT & Cybersecurity), the role will:
  o Establish processes for collecting individual metrics across the documented risk domains.
  o Build and maintain the integrations between the source and destination platforms that populate and consolidate key metrics.
  o Maintain the risk methodology and the process for incorporating risk scores and calculation metrics in the destination platform, both for each individual metric and at the domain level, in line with industry standards and best practices.
  o Build and manage a live dashboard that queries the calculated risk data in the backend to show each risk domain, its health, and the associated trends and insights generated by the platform.
  o Manage the reporting process around the program, including scheduled delivery of periodic insights and dashboard updates to specific leaders and teams.
  o Ensure, through periodic reviews, that the confidentiality, integrity and availability (CIA) of the information is maintained, and adjust the metrics, sources, risk calculations and quantitative methods so they remain accurate and up to date, with automatic validations set up wherever possible.
• Supporting the governance of the Cloud Centre of Excellence (CCoE), ensuring that industry-standard frameworks and best practices are implemented in existing and new cloud setups. This includes:
  o Implement policies for efficient resource use and cost-effective strategies.
  o Eliminate unused resources and optimize pricing plans.
  o Set up budget workflows and thresholds to control spending.
  o Maintain real-time dashboards for monitoring usage and costs.
  o Use the platforms' built-in tools to detect and address anomalies promptly.
  o Manage the process for regular review of cloud operations.
  o Establish relevant policies and monitoring/reporting procedures to ensure compliance and accountability in cloud operations.
• Establishing and maintaining a robust risk assessment framework to accurately inventory and evaluate in-scope assets, ensure and track regular risk assessments, analyse risks consistently, and implement appropriate treatment and mitigation measures for timely remediation of cyber and IT vulnerabilities.
• Managing, consolidating and tracking all identified risks, ensuring they are documented, assessed, and mitigated in a timely manner, and maintaining a consolidated risk register for ongoing risk management across various teams, processes, and technologies (automating wherever possible).
• Planning improvements that bring the organization to its desired risk level, in line with its risk appetite, through automation, enforcement of policy/process documents, and other deliverables that enable the business and its key drivers.
• Ensuring cybersecurity and IT compliance with internal policies and with relevant regulations and standards (e.g., NIST CSF, ISO 27001) through continuous automated monitoring and reporting.
• Being the Risk SPOC (Single Point of Contact) for fostering a culture of security, reliability, and efficiency, while minimizing risk.
SKILLS & ATTRIBUTES FOR SUCCESS:
• Excellent stakeholder management
• Working knowledge of information-security best practices and standards such as ISO 2700x, SOC 2 and SSAE 16/18 requirements
• Understanding of cloud security, compliance and FinOps
• Experience in the management of risk, controls, and compliance
• Knowledge of qualitative and quantitative risk assessment methodologies
• Excellent analytical and problem-solving skills
• Excellent presentation-building and delivery skills