Job Description

Position Overview:

We are seeking a motivated and skilled Information Security Risk Manager with a strong background in information security Risk management willing to take on challenging assignments. The successful candidate will play an essential role in executing and optimizing Risk management framework, focusing on identifying, assessing, and mitigating information security Risks. This mid-level role requires both technical knowledge and effective communication skills to articulate complex security and Risk concepts to varied stakeholders. The role demands an understanding of regulatory requirements (e.g., UAE Information Assurance) and industry standards (e.g., NIST Risk Management Framework (RMF), ISO 31000, ISO 27001) along with practical experience in information security and Risk management. The candidate should have relevant experience, knowledge and skills to take up the below mentioned roles and responsibilities.

Please Note: This is an individual contributor role and will require you to work in the UAE for the initial 6 months. After that, it will be a work from office from Bangalore location. Also, this role involves travel within and outside India.

 Role Description:

• Conduct Information Security Governance, Risk & Compliance (GRC) consulting projects for customers globally using various International, National and Sectoral standards like PCI-DSS, ISO 27001, NIST CSF, RBI CSF, IRDA, NPCI, UIDAI etc.
• Define, document, implement, and refine information security management frameworks within client organizations. This includes Information security strategy, policies, procedures, standards, guidelines, SOPs, forms, templates, etc.
• Document/update Risk management methodology supported by a threat-vulnerability assessment in collaboration with key stakeholders within the organization.
• Assist in the implementation/maintenance of information security policies and procedures in compliance with governance, legal, contractual, or internal requirements.
• Conduct comprehensive Risk assessments in close coordination with internal and external stakeholders to enable informed decision-making by stakeholders while keeping business objectives paramount.
• Provide expert guidance to stakeholders in other departments for appropriate Risk treatment, monitoring and review.
• Review Cybersecurity and Risk aspects of business cases, IT application/infrastructure changes, project proposals, requirements, solution designs, and system architectures.
• Create and promote security awareness campaigns and conduct information security awareness programs to enhance the information security knowledge of staff and management on the latest threats and vulnerabilities.
• Effectively handling Project management, Team management and delivery management.
• Train the internal team on GRC & Risk assessment.
• Participate in presales meetings with prospective customers and offer specialized GRC and Risk management consulting services.
• Monitor and review information security compliance.
• Coordinate with the customer IT project management department, vendors, and consultants to build an effective security program.
• Lead annual planning, information security architecture, and governance reviews for customer organizations.

Educational & Professional Credentials

• Bachelor’s or Master’s degree in IT, ECE, Computer Science, or related field.
• Required: Any of the following certifications: CISSP, CISA, CISM, CRISC, CGEIT, GRCP, or GRCA.
•  Good to have: ISO 27001 Lead Auditor, ISO 27001 Lead Implementer, IAPP Certified, CDPSE, CCSK, CCSP, CCAK, ISO 27701 privacy, ISO 20000, PCI QSA, ISO22301.

Required Knowledge & Skills

Risk Management:

• Knowledge of Risk management principles and conducting end-to-end Risk Management.
• Identify, assess, and prioritize information security Risks across the organization.
• Develop and maintain Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs) to monitor and measure Risk levels and the effectiveness of Risk management efforts.
• Recommend and track the implementation of Risk mitigation strategies and controls.
• Conduct frequent Risk assessments and reviews to ensure the effectiveness of controls.
• Monitor and report on the status of Risk management activities and initiatives.
• Recommend enhancements to Risk assessment methodology.
• Maintain the Risk register within the GRC platform, ensuring it is updated with high- quality, relevant content.
• Experience with information security architectures and security assessments.
• Familiarity with systems, database, network, and application security will be an added advantage.

Governance:

• Strong knowledge of GRC/Risk Management standards/frameworks such as ISO 27001, ISO 31000, ISO 27005, NIST RMF, CSF and regulatory frameworks like UAE’s Information Assurance Standard, RBI CSF, etc.
• Assist in enforcing information security policies, procedures, and standards.
• Contribute to the maintenance of a governance framework for managing information security Risks.

Collaboration:

• Provide expertise and guidance on information security matters to key stakeholders, fostering strong working relationships across departments.
• Serve as a liaison and advisor to customer IT project management, vendors, and consultants.

Continuous Improvement:

• Stay informed on emerging trends, threats, and technologies in information security.
• Recommend and implement improvements to the Risk management framework, tools, and methodologies.

Compliance & Risk Assessments:

• Conduct independent security Risk assessments to support informed decision-making aligned with business objectives.
• Review the security aspects of business cases, IT applications, infrastructure changes, project proposals, requirements, solution designs, and system architectures.
• Conduct ISO 27001, PCI-DSS, and other compliance assessments as needed, especially for banking information security audits.

Security Awareness:

• Design and conduct innovative information security awareness programs to educate employees and management about current threats and security best practices.
• Train and mentor, the internal team and clients on GRC, Risk assessment, and information security frameworks.

Project & Delivery Management:

• Oversee project management and delivery for assigned teams, ensuring alignment with client requirements and quality standards.

Next Steps

If you are interested in this role, please email your latest profile/ resume, your current salary and expected salary to neha.acharekar@riskpro.in

About Riskpro

Riskpro India is a specialized Risk Management consulting company. It is managed by experienced professionals with experiences across various industries. With offices in Mumbai, Delhi, Bangalore, Chennai, Pune and Kolkata, we are one of the fastest growing risk consulting firms in India. We are since 12+ years in business, serviced 850+ clients in 7+ cities with 500+ cities associate representation, 90+ team members with 10 Strategic partners.

Our 5 Business Verticals:

• Risk Advisory – We conduct Risk based internal audits, SOPs, ERM, legal compliance audits, IFC, Risk Library, etc.
• IT Advisory – We conduct IT audits, GDPR, SSAE18, HIPAA compliance, 21 CFR, etc.
• GRC Technology – We provide software for Compliance management, Internal audit, Risk management, Contract management, Vendor Risk Management, etc.
• GRC Trainings – We conduct in-person/online trainings on topics like ERM, Risk assessment, AML, Fraud risk, Information security among others.
• GRC Recruitment - We provide full/part time internal auditors, Virtual risk managers and independent directors for corporates.

Please feel free to visit our website www.riskpro.in for more details.

Why Riskpro

Riskpro provides a platform for people to associate with us. When you associate with Riskpro, you can build your own set of clients and leverage the brand to get clients, business for yourself. It is one of its kind business models that offers you the flexibility and freedom of an independent professional, as well as the corporate and brand backing of an established firm.