Role
Consultant – Cyber Security Governance Risk and Compliance
Designation
Consultant – Information Security Group
Function
Cyber Security Governance, Risk and Compliance (GRC)
Unit
Information Security Group (ISG)
Reporting to
Manager – Cyber Security Governance Risk and Compliance
Base location
Bangalore
About ISG
Tredence's CISO office is accountable for Security and Privacy across all aspects of Tredence's internal and client-facing business. The team in charge of Security, the Information Security Group (ISG), focuses on all elements of Information Security for the organization, working collaboratively with stakeholders from across its business. The team provides assurance to internal as well as external stakeholders that confidential data is handled appropriately while business objectives are met.
ISG takes care of implementing, maintaining and reporting on Information Security and its posture on an ongoing basis, using a combination of Policies, Procedures, Guidelines and Cyber Security technology controls. The team comprises two Groups:
1. Cyber Security Governance, Risk and Compliance (GRC) and,
2. Cyber Security Technical Operations (TechOps)
Responsibilities
o In your role, you will take part in all GRC initiatives for the organization, working with the GRC sub-teams (Governance, Risk Management, and Policy and Compliance) and all relevant stakeholders
o Help with the development and sustenance of the Cyber Security Metrics Program, as well as the tracking of all mitigations and Projects to closure
o Assist the team in designing, implementing, maintaining and continuously improving Information Security so as to ensure a robust and scalable GRC program
o Handle initiatives such as, but not limited to, Cyber Security Strategy, Strategic Plan, Cyber Security Governance Framework, Cyber Security benchmarking, handling of Cyber Security Audits, Security Councils and Reporting, Program Management Office (PgMO), Cyber Security Skill Management, External and Internal Cyber Security branding, Information Security Risk Management, Supplier Risk Management, M&A Cyber Security, Cyber Security Regulatory Compliance, ISMS and BCMS Management, Cyber Resilience Program and the Organizational Security Culture
Knowledge expectations
o You come with up to 5 years of working experience in Information Security
o You have a working knowledge of applying pragmatic security controls from leading Information Security Standards and Frameworks such as, but not limited to, Information Security Management System (ISO 27001), Business Continuity Management System (ISO 22301), NIST Cyber Security Framework (NIST), NIST 800-53, PCI DSS, HIPAA, SSAE-18 SOC 1 or SOC 2 and SOX controls, having driven various implementation and compliance initiatives related to the same
o You have working knowledge of applying essential security controls in one or more of the following Cloud platforms: Microsoft Azure, Amazon Web Services (AWS), Google Cloud Platform (GCP)
o You stay informed on the latest developments in Information Security and the dynamic regulatory landscape
Required education and certifications
o You are an Engineering graduate, or have an equivalent or higher education
o You have acquired one or more of the following certifications: CISSP, CRISC, CISM, CCSP, ISO 27001 Lead Implementer / Auditor, ISO 22301 Lead Implementer / Auditor, Azure, AWS and GCP Certifications
Skills expectations and others
o You have great attention to detail, strong communication and collaboration skills
o You come with a mix of technical, analytical and problem-solving skills
o You come with a mindset of helping improve the Information Security Program at all times
o You are an avid learner who continuously looks to absorb new knowledge and apply it on the job
o You are a self-starter, a go-getter and an innovative thinker with a positive attitude