Associate Information GRC

KEY ROLE SPECIFIC ACCOUNTABILITIES:

Description of the Accountability

Performance Indicators (How accountability is measured)

Manage and maintain the Risk Assessment Framework.

Regular inputs on how to improve the IT Risk framework.

Provide reporting and risk metrics of the risk management activity.

Monthly reporting of risk management activities.

Validate, track and maintain third party risk assessment as per cycle.

Risk reporting and management for each business unit or area of activity.

Manage risk for digital, technology operations and information security.

BISO role supported in communicating risk to their respective lines of business.

Support all security and compliance initiatives for business entities.

Assisting the businesses in understanding IT risk and how best to manage it.

Conduct and report risk assessment and compliance checks as per cycle.

Risk register regularly updated

Provide security and privacy oversight on projects and change requirements for business to ensure appropriate security protection is delivered as part of solution.

Assigned infosec activities within scheduled timelines and track it on PoL (> 90%).

Manage the relationship between information security function and LoB EIT.

Establish quarterly sessions with the LoB EIT for reporting and metrics, emails and MoM to be stored on infosec sharepoint folder.

Requirements

1. 6. PERSON SPECIFIC:

Education:

Diploma/Degree in Comp Sci or equivalent. Should have certifications from recognized security certification bodies such as ISACA, ISC2, etc.

Minimum Experience and Knowledge:

Minimum of 5 years of experience in the IT or Digital risk domain and Information Security domain in a technical, development or assurance role.

Experience working with broad range of common enterprise technologies and security standards and frameworks such as ISO27000, NIST CSF, NESA.

Job-Specific Skills:

Base experience in technology, digital or risk departments and have managed the overall Digital Risk Management and Governance life-cycles.

Knowledge in security, infrastructure and application architecture [Cloud and On-premise], Operating Systems, Networks, Secure Coding standards, software assurance, threat and vulnerability management, MS Azure, Office 365, and third-party security assurance

Soft Skills

Excellent team player and go-to person. Must be able to manage stakeholders across multiple business units and articulate security and privacy risks in simple language.

2. COMPETENCIES:

Leadership:

- Engagement with business with ability to influence

- Engagement with horizontal teams in IT

Functional:

- Expert

Risk Management

IT Security Management

- Advanced

Cyber Security

Systems Development

Infrastructure, Networks and Cloud

Solution design

- Proficient

IT Service Management

IT Project Management

IT Vendor Management

- Developing

SDLC and Software Assurance

Installation and Deployment

1. 6. PERSON SPECIFIC: Education: Diploma/Degree in Comp Sci or equivalent. Should have certifications from recognized security certification bodies such as ISACA, ISC2, etc. Minimum Experience and Knowledge: Minimum of 5 years of experience in the IT or Digital risk domain and Information Security domain in a technical, development or assurance role. Experience working with broad range of common enterprise technologies and security standards and frameworks such as ISO27000, NIST CSF, NESA. Job-Specific Skills: Base experience in technology, digital or risk departments and have managed the overall Digital Risk Management and Governance life-cycles. Knowledge in security, infrastructure and application architecture [Cloud and On-premise], Operating Systems, Networks, Secure Coding standards, software assurance, threat and vulnerability management, MS Azure, Office 365, and third-party security assurance Soft Skills Excellent team player and go-to person. Must be able to manage stakeholders across multiple business units and articulate security and privacy risks in simple language. 2. COMPETENCIES: Leadership: - Engagement with business with ability to influence - Engagement with horizontal teams in IT Functional: - Expert Risk Management IT Security Management - Advanced Cyber Security Systems Development Infrastructure, Networks and Cloud Solution design - Proficient IT Service Management IT Project Management IT Vendor Management - Developing SDLC and Software Assurance Installation and Deployment