Job Title : GRC SpecialistLocation : Bengaluru/Chennai (Remote)Experience : Above 8+Skills : Governance, Risk, Compliance, Information Security Governance, Risk Management and Compliance Programs.Job Description :ESSENTIAL DUTIES AND RESPONSIBILITIES:Responsible for analyzing and implementing risk and compliance management frameworks, policies, standards, and best practices in support of the Information Security Governance, Risk Management and Compliance Programs.Provide security expertise and guidance around security issues and recommend solutions to mitigate and eliminate compliance risks to MFX internal and client information assets.Develop and manage the Internal Audit team, third party risk and compliance management process.Drive client engagements relating to compliance requirements and from relevant regulations such as CIS, SOC 1 & SOC 2, PCI, ISO 27001, FISMA, CCPA, NY CRR 500 and GDPR requirements.Ensure effective and efficient control design, implementation, and testing procedures.Evaluate internal control gaps and deficiencies and propose remediation strategies; monitor timely resolution.Establish metrics and reporting strategies to communicate status, demonstrate progress, and build awareness and accountability around control performance.Identify process and control improvement / automation / consolidation opportunities.Work directly with internal and external auditors on audit-related activities including planning and oversight of audits, walkthroughs, testing and documentation of findings, issue remediation and follow-up.Work directly with process and control owners to provide support, education, and recommendations for strengthening the internal control environment.Lead information security risk and controls program strategy, design, development, implementation, and communicationDevelop and maintain information security policies, procedures, and standards.Knowledge and Skills :The successful candidate will have a proven track record 8 - 10 years combined experience in IT.Candidate should have at least last 7-10 years in GRC (Risk, Audit and Compliance) vertical, in which last 3 years as a lead.Exceptional knowledge on SOC 1 and SOC 2, CIS Controls, ISO 27001, PCI DSS, HIPPA and GDPR (experience is especially important on SSAE18 SOC2 and US privacy regulations).Hands-on knowledge with any GRC tool will be an added advantage.
