Website:
mycareernet.co
Job details:
Key Skills: Governance, Risk, and Compliance (GRC), Third-Party Risk Management
Roles and Responsibilities:
- Define and execute the enterprise cybersecurity GRC strategy and roadmap aligned with business and risk management objectives.
- Provide leadership and direction to GRC teams covering TPRM, compliance, audits, and policy management.
- Serve as a trusted advisor to senior leadership on cybersecurity risk, regulatory posture, and governance decisions.
- Own the end-to-end third-party risk management program, including vendor due diligence, onboarding, periodic assessments, renewals, and continuous monitoring.
- Define vendor risk tiers, assessment methodologies, and minimum cybersecurity requirements.
- Partner with Procurement, Legal, Privacy, and business owners to ensure vendor risks are assessed, mitigated, and risk-accepted where appropriate.
- Track and report third-party risk findings, remediation status, and risk trends through GRC platforms and executive reporting.
- Lead enterprise cybersecurity compliance programs aligned with HIPAA, NIST CSF, NIST 800-53, ISO 27001, PCI-DSS, SOX, and other applicable regulations.
- Oversee the security control lifecycle including design, implementation, testing, evidence collection, and continuous assurance.
- Coordinate internal and external audits, regulatory reviews, and security attestations.
- Partner with engineering and IT teams to embed compliance and control requirements into technology initiatives.
- Own the cybersecurity policy, standards, and procedures lifecycle including creation, review, approval, publication, and periodic refresh.
- Ensure policies and standards align with regulatory requirements, industry frameworks, and evolving threat landscapes.
- Drive enterprise awareness and adoption of cybersecurity policies through governance forums and change management.
- Govern security exceptions and risk acceptances related to policy deviations.
- Lead cybersecurity risk assessments, risk prioritization, and remediation tracking.
- Define and report GRC metrics, dashboards, and executive-level reporting for leadership and board stakeholders.
- Identify systemic risk trends and drive strategic remediation initiatives across the enterprise.
- Lead, mentor, and develop high-performing GRC teams.
- Collaborate closely with Cyber Engineering, IAM, Cloud, Infrastructure, Privacy, Legal, and Audit teams.
- Communicate complex cybersecurity risk and compliance topics clearly to technical and non-technical stakeholders.
Skills Required:
- Strong expertise in Governance, Risk, and Compliance (GRC) frameworks and practices
- Extensive experience in Third-Party Risk Management (TPRM) lifecycle (vendor onboarding, assessments, monitoring)
- Deep knowledge of cybersecurity regulatory frameworks (NIST CSF, NIST 800-53, ISO 27001, PCI-DSS, SOX, HIPAA)
- Strong understanding of enterprise risk management and risk assessment methodologies
- Experience in cybersecurity policy, standards, and procedures development and governance
- Proven ability to lead enterprise-wide compliance programs and audits
- Experience in managing security control lifecycle (design, implementation, testing, and assurance)
- Strong knowledge of vendor risk tiering, assessment methodologies, and remediation tracking
- Experience in executive-level reporting, dashboards, and GRC metrics
- Strong leadership experience in managing and mentoring GRC teams
- Ability to communicate cybersecurity risks to technical and non-technical stakeholders
- Experience collaborating with cross-functional teams (Legal, Procurement, IT, Engineering, Privacy)
- Strong understanding of risk governance, exception management, and risk acceptance processes
- Experience in audit management, regulatory reviews, and compliance attestations
- Strong analytical and decision-making skills in risk prioritization and mitigation strate
Education: Any Graduation
Note: This role is open for both Hyderabad and Bangalore locations. Candidates currently based in Bangalore who are open to relocating to Hyderabad are also encouraged to apply.