“GRC Lead Technology Lead – US”
Full time @Infosys posted 1 week ago in Information Technology (IT) Shortlist Email JobJob Detail
-
Job ID 8933
-
Experience 2 Years
-
Qualifications Degree Bachelor
Job Description
“Infosys is seeking a GRC Lead. This role requires technical proficiency across in the consulting team player in the consulting team that helps design and implement the security policies, compliance framework and will be responsible for managing the enterprise-wide Risk Register. This candidate will strategically address risk and policy governance requirements in line with business outcomes. Leverage cyber security and IT risk management expertise to drive risk reduction and maintain up-to-date, comprehensive risk policies aligned with industry standards and regulations.
Required Qualification
Candidate must be located within commuting distance of Raleigh, NC or Richardson, TX or Hartford, CT or be willing to relocate to these areas. This position may require travel in the US.
Bachelor’s degree or foreign equivalent required from an accredited institution. Will also consider three years of progressive experience in the specialty in lieu of every year of education.
At least 4 years of experience in Information Technology.
At least 3 years of years of experience in Cyber security space, at least lead the risk management program as a GRC practitioner and have administrative knowledge of CyberGRX Third party Risk management tool.
Manage and maintain enterprise-wise Risk register
Responsible for Governance through owning and managing risk policies, standards and guidelines. Including conducting regular reviews with the internal stakeholders and update to address emerging risks and regulatory changes.
Risk Assessment for the in-scope areas as per the directions and guidance’s in line with the clients Risk Management framework and identify the potential risks
Assess risk levels across various security domains through risk assessments, documentation reviews and meetings with respective business stakeholders
Discuss with stakeholders on the risks, risk levels for the identified gaps
Document the risk in risk register and provide remediation recommendation from short and long-term perspective for identified risks.
All applicants authorized to work in the United States are encouraged to apply.
Preferred Qualifications:
Perform Capability Maturity Model (CMM) self-assessments quarterly and update the CMM score on the master template. – Good to have
Drive and support Risk Register automation efforts
Manage and execute the IT/OT Cybersecurity Policies and Procedures development and refresh
Govern the Third-Party Risk Management program
Manage and report on Management Action Plans (MAP)
Publish and manage changes of NIST 800-53 knowledge base articles.
Security qualifications ie., CISSP,CISA,CISM
Experience with a variety of compliance frameworks, such as NIST Cybersecurity framework, ISO 27001, ISO27002 and SOC2.
Solid understanding of regulations, industry standards, and leading practices related to the security of IT infrastructure and cloud as well as data security and privacy.
Excellent communication and collaboration skills to engage with global strategic programs and the business function leaders to drive the security objective.
Working knowledge of NIST 800-53
Working knowledge of ISA/IEC 62443 framework
Experience and desire to work in a Global delivery environment.
The job entails extensive amount of travel. The job also entails sitting as well as working at a computer for extended periods of time. Should be able to communicate by telephone, email or face to face.”
Required skills
Other jobs you may like
-
Senior Advisor, IT architecture
- @ Desjardins
- Montréal, QC H1B 1N8