• Lead - GRC

Job Id: Aeries/282/24-25
Experience Range: 10 - 15 Years
Qualification: Graduation
Not active

Job Description
About Us
Aeries Technology is a Nasdaq listed global professional services and consulting partner, headquartered in Mumbai, India, with centers in the USA, Mexico, Singapore, and Dubai. We provide mid-size technology companies with the right mix of deep vertical specialty, functional expertise, and the right systems & solutions to scale, optimize and transform their business operations with unique customized engagement models. Aeries is Great Place to Work certified by GPTW India, reflecting our commitment to fostering a positive and inclusive workplace culture for our employees. Read about us at https://aeriestechnology.com
About Business Unit
Corporate BU
Roles and Responsibility

Position/Title: Lead - GRC

Department: Information Technology

Level: Full-time

Location: Bangalore

Experience: 10-15 years

 

About Aeries

Aeries Technology is a Nasdaq listed (AERT) global professional services and consulting partner, with offices in the USA, India, Mexico, Singapore, and UAE. We provide Private Equities, its Portfolio Companies and mid-market companies with the right mix of deep vertical specialty, functional expertise, and the right systems & solutions to scale, optimize and transform their business operations with unique customized engagement models. Aeries is Great Place to Work certified by GPTW Institute, reflecting our commitment to fostering a positive and inclusive workplace culture for our employees.

 

Read about us at: https://aeriestechnology.com/careers/

 

Job Objective

Responsible for Governance, risk, compliance, ISO Policies, audits and process maturity.

 

  Key requirements -

  • Implement security controls, risk assessment framework, and program that align to best practices and regulatory requirements.
  • Assist with implementation of ISMS across the organisation entities.
  • Good understanding of the security technologies such as DLP, NGAV, EDR, CASB, Firewall, Proxy, Email ATP, WAF etc.
  • Well versed with well-known security frameworks such as ISO 27001:2013 / NIST CSF / PCI DSS / ISO 22301 / STRIDE / MITRE etc.
  • Ensure key information security risks and issues are identified, addressed and resolved in a timely manner.
  • Assess efficacy of security controls, document and report control failures and gaps to stakeholders. Provide remediation guidance and prepare management reports to track remediation activities.
  • Ensure third party security assessments - Assist with Third Party Risk Management framework including policy updates, procedures, due diligence questionnaires and the monitoring of third parties’ adherence to information security and data privacy obligations.
  • Develop relevant metrics, analyse data, identify trends and help drive improvements to the control environment.
  • Remain current on best practices and technological advancements.
  • Drive security awareness program across the organisation.

 

Knowledge:

·      Applicable information security management, governance, and compliance principles, practices, laws, rules and regulations

·      Well versed with well-known security frameworks such as ISO 27001:2013 / NIST CSF / PCI DSS / ISO 22301 / STRIDE / MITRE etc.

·      Information technology systems and processes, network infrastructure, data architecture, data processes, and protocols

·      Cyber and cloud security standard frameworks, architecture, design, operations, controls, technology, solutions, etc.

·      Good understanding of the basic security technologies such as DLP, NGAV, EDR, CASB, PIM/PAM, Firewall, Proxy, Email security, Cloud Security, WAF etc.

·      Information systems auditing, monitoring, controlling, and assessment process

·      Incident response management

·      Risk assessment and management methodology

 

Skills:

·      Strong security mindset

·      Developing and implementing enterprise governance, risk, and compliance strategy and solutions

·      Questions status quo and navigates through roadblocks

·      Security project management and planning

·      Defining problems, collecting and analyzing data, establishing facts and drawing valid conclusions

·      Using judgment and ingenuity in maintaining objectives and technical standards

 

Ability:

·      Self-motivating and able to work under own initiative.

·      Professional with a strong work ethic.

·      Able to thrive in a highly pressurised and changing environment.

·      Diplomatic with the ability to interact successfully with all levels of the business.

·      An ability to translate security requirements and standards into easily understood business concepts and vice versa.

 

Qualification:

  • Must have GRC experience for at least 10-15 years.
  • Experience of leading an ISMS as part of an ISO27001 certified programme.
  • Excellent interpersonal skills, comfortable working at all levels within an organisation and in a wide variety of situations.
  • Relevant industry certification such as ISO 27001 Lead Auditor, CISSP / CISA / CISM / CCSP etc. (at least two) is highly desirable.
  • Broad level of knowledge of security and risk issues and techniques across platforms.

The job responsibilities of the candidate shall include, but not be limited to, the Job Description, and the candidate shall perform any other tasks/functions as required by the Company.

 

Recruiter Name: Tina Fernandes
Recruiter Email Id: tina.fernandes@aeriestechnology.com