Information Security: GRC/ISRM Lead
Bengaluru, Karnataka, India; India
DNEG
We are DNEG - delivering award-winning visual effects, animation, and creative technologies for film, TV, and immersive content.
DNEG’s expanding Information Security (InfoSec), Governance, Risk and Compliance (GRC) and Data Privacy programs require an experienced InfoSec Governance, Risk and Compliance (GRC) Lead to join the growing global team. The role will be responsible for successfully managing and steering the Information Security GRC and Privacy function within DNEG. The InfoSec team is responsible for ensuring that the confidentiality, integrity, and availability (CIA) of DNEG’s and its clients’ confidential data, PII, systems and services are always maintained. For this reason, an experienced InfoSec GRC function is required to work collaboratively with the team, peers, and business stakeholders to ensure that all InfoSec GRC initiatives and projects are aligned, maintained, and managed effectively, meeting both tactical roadmap requirements and the overall successful delivery of the wider InfoSec strategy.
1. Mandatory Requirements and Expectations
An experienced individual that works in a methodical and concise manner is required to successfully manage the InfoSec GRC and Privacy function at DNEG.
● Experience of working within a highly technical and multi-faceted InfoSec security program.
● Have excellent interpersonal, analytical, assessment and documentation skills which can be effectively utilized to develop and deliver against highly critical GRC and Privacy assurance requirements.
● Working closely with the Information Security Program Manager (ISPM) to successfully prioritize, steer and deliver the GRC and privacy facets of the InfoSec program.
● Experience of working within a multi-faceted audit environment.
● Demonstrable experience of delivering, maintaining, managing, and maturing a global GRC program to meet the requirements of a highly complex environment.
● Excellent track record of working with both internal and client-driven auditable environments and ensuring that control areas are effectively managed from a risk-based methodology.
2. Duties and Operational Responsibilities
● Manage, maintain, and mature the GRC and function within DNEG.
● Work proactively with the wider InfoSec team to ensure that all GRC and audit deliverables are suitably communicated and documented.
● Be able to work effectively in an independent capacity and as part of the InfoSec team.
● Utilize effective task management, communication, and leadership skills.
● Work in close partnership and collaborate with peers and internal technical teams.
3. Job Requirements
3.1 Mandatory Job Requirements
A successful candidate will meet the majority of the requirements listed below and will be able to demonstrate suitable experience and competencies in each of the following:
● Five to Ten years, plus/minus, of working within, or leading, a GRC, Data Privacy and audit function.
● Have demonstrable experience with all the following key areas:
- Lead and mature the existing GRC program to ensure that identified CRM and InfoSec risks are suitably kept within DNEG’s risk tolerance level.
- Highly proficient with Risk Management methodologies and suitable application.
- Lead the assessment, evaluation and define risk mitigation solutions across the business and technical environments and identify areas of improvement.
- Take ownership of the ISMS policy framework and ensure that the control framework is suitable and meets requirements as set forth by industry and client driven audit requirements.
- Conduct onsite security audits and gap analyses across DNEG facilities to assess alignment with security frameworks.
- Mature and further develop the audit program and work collaboratively with peers and stakeholders to ensure that control deficiencies are suitably tracked and ultimately either mitigated or accepted.
- Demonstrable working knowledge of data privacy legislations, e.g., GDPR, and the applicability of applying mandated controls to minimize risk associated with privacy breaches etc.
● Knowledge of Information/Cyber Security processes and methodologies, e.g., ISO27001, CSA CCM etc.
● Experience of working collaboratively and effectively with a PMO function.
● Document and create qualitative and quantitative reporting relating to the GRC / Data Privacy roadmap.
3.2 Desired Job Requirements
A successful candidate will have experience with the desired requirements listed below and will be able to demonstrate suitable experience and competencies in each of the following:
● Experience of working with and customizing automated risk management platforms and services.
● Prior experience working within either the film or media industry sector.
● Experience and demonstrable, high-level knowledge, of the following:
- Working within either a hybrid or cloud native environment and their associated risks that are applicable within this type of environment.
● A bachelor’s degree in IT or Computer Science is desirable, but not essential.
● Any of the following Risk Management certifications, e.g., CISSP, CISM, CISA, CRISC, ISO 27001 Lead Implementer/Auditor etc.