Website:
crystalpeak.co.in
Job details:
Location: Bangalore / Pune
Title: Lead ITGC
Budget: 30-35LPA
Experience: 8-13 years
Role Summary:
Manage the delivery of several assurance activities, including the Security Assurance Framework (SAF), which is aligned with ISO 27001/2 and the CIS compliance benchmarks. Also manage control testing aligned with ISO 27001 in an effective, timely, consistent, and professional manner.
Key Accountabilities:
• Build a roadmap for completion of the Security Assurance Framework (SAF) by liaising with multiple stakeholders to gather information on security risks, control activities, control effectiveness status, and remediation plan updates, supporting the update of SAF templates across the Business Units.
• Plan and complete testing within required timeframes and in accordance with established processes and procedures.
• Ensure that testing is accurate, complete, and in accordance with standards and protocols. Communicate test/review results and issues/concerns to leadership, validating and recommending resolutions to issues.
• Quality-assure the completion of the SAF by challenging any misrepresentation or gaps identified with the owners, ensuring submissions accurately reflect the UK&I security strategy and risk position and can be used as a reliable record of the security control environment.
• Deliver the quarterly SAF submissions to Group Security on a timely basis, ensuring a full review is completed annually (or sooner where there have been material changes).
• Assist the Security Business Units teams in the identification and remediation of control gaps, issues & improvements.
• Communicate control gaps, deficiencies, risk exposures, and changes to the Security risk profile to management and second line of defence, as appropriate.
• Prepare working papers, ensure that documentation appropriately supports the testing conclusions, and document process flows and describe major processes within the area being reviewed.
Domain of Expertise:
• Global Internal Control framework and program: Support 1st line managers and teams in defining the approach for describing and operating controls, and perform some 2nd line control activities.
• IT General Controls: Develop the testing plan for a specific scope; conduct testing interviews, gather evidence, and document the resulting opinion. Participate in reporting to the Group Internal Control team and to other partners where relevant.
• Internal Financial Control Program: A specific and more granular approach than Internal Control over Financial Reporting; included in the global testing plan but with its own deadlines and reporting partners.
Preferred Skills:
• Previous business and/or IT security and risk experience.
• In-depth experience across security domains would be beneficial.
• ISO 27001/2 knowledge and experience essential; understanding of the NIST framework desirable.
• Knowledge and understanding of the CIS benchmarks desirable.
• In-depth knowledge of one or more sets of business processes, applications, or key technologies (e.g. networks, desktop and mid-range infrastructure, communication technologies) in use within the Company.
• Excellent understanding of systems life cycles and project management.
• Ability to assimilate information quickly, clearly identify key issues and present information concisely.
• Ability to develop and maintain a wide network of contacts across the business.
• Relevant professional qualifications, e.g. CISSP, CISM, ISO 27001 Lead Implementer/Auditor, desirable.
Specific Position Experience:
• Overall work experience of 8-10 years, with 8+ years of relevant experience.
• Bachelor’s degree required.