Lead Information Security - GRC

IND - Noida, India


Are you our “TYPE”?

Monotype Global

Named "One of the Most Innovative Companies in Design" by Fast Company, Monotype brings brands to life through type and technology that consumers engage with every day.  

The company's rich legacy includes a library that can be traced back hundreds of years, featuring famed typefaces like Helvetica, Futura, Times New Roman and more.  

Monotype also provides a first-of-its-kind service that makes fonts more accessible for creative professionals to discover, license, and use in our increasingly digital world. We work with the biggest global brands, and with individual creatives, offering a wide set of solutions that make it easier for them to do what they do best: design beautiful brand experiences. 

Monotype Solutions India

Monotype Solutions India is a strategic center of excellence for Monotype and is a certified Great Place to Work® three years in a row. The focus of this fast-growing center spans Product Development, Product Management, Experience Design, User Research, Market Intelligence, Research in areas of Artificial Intelligence and Machine learning, Innovation, Customer Success, Enterprise Business Solutions, and Sales. 

Headquartered in the Boston area of the United States and with offices across 4 continents, Monotype is the world’s leading company in fonts. It’s a trusted partner to the world’s top brands and was named “One of the Most Innovative Companies in Design” by Fast Company.  


What you’ll be doing:

Key responsibilities

Governance and Compliance Management

  • Implement and maintain the Information Security Management System (ISMS) in accordance with the ISO 27001 standard.
  • Develop, update, and enforce governance frameworks, policies, and standards to ensure consistency and alignment across the organization.
  • Align security policies with organizational requirements, including contractual, regulatory, and business needs.
  • Drive adherence to industry-standard compliance frameworks, with a focus on ISO 27001, SOC 2, and PCI DSS.
  • Facilitate external audits and certifications, ensuring preparedness, compliance, and successful outcomes.

Risk Management

  • Identify, evaluate, and mitigate risks through periodic risk assessments and maintain an up-to-date risk register.
  • Collaborate with cross-functional teams to prioritize and address risk remediation plans.

Internal and External Audits

  • Plan and execute internal audits to ensure compliance with organizational policies, standards, and frameworks.
  • Serve as the primary point of contact for external auditors, coordinating all audit activities and facilitating the timely resolution of audit findings.

Operational GRC Activities

  • Oversee day-to-day GRC operational activities, ensuring the program operates effectively and efficiently.
  • Develop GRC metrics and dashboards to report compliance and risk status to stakeholders.

Business Continuity and Incident Management

  • Develop, implement, and maintain the organization's Business Continuity Plan (BCP).
  • Test and update continuity plans regularly to ensure preparedness for disruptions.

Security Awareness Programs

  • Design and deliver organization-wide security awareness initiatives to promote a culture of compliance and risk awareness.
  • Provide targeted training to employees to address identified risks or compliance gaps.

RFP/MSA Reviews and Compliance Support

  • Review and respond to Requests for Proposals (RFPs) and Master Service Agreements (MSAs) to ensure compliance with security and regulatory standards.
  • Support the sales and procurement teams in addressing customer and vendor compliance queries.

Documentation and Reporting

  • Maintain comprehensive documentation of GRC policies, processes, and activities.
  • Create and present detailed reports on compliance status, audit findings, and risk mitigation efforts.

What we’re looking for:

Monotype is seeking a highly motivated and experienced Governance, Risk, and Compliance (GRC) Lead to join our team. The GRC Lead will be instrumental in enhancing our GRC program, ensuring the organization meets its compliance, risk management, and operational governance goals. This role will focus on managing compliance frameworks, conducting security audits, driving security policy adherence, and implementing risk management strategies. The ideal candidate will have a solid background in ISO 27001 standards, governance policies, and business continuity, coupled with strong communication skills to lead security awareness initiatives and respond to RFP/MSA requirements.

Experience

  • 7–10 years of experience in a GRC, risk management, or security compliance-focused role.

Skills

  • Hands-on experience managing and maintaining certifications such as ISO 27001, SOC 2, and PCI DSS.
  • Excellent knowledge of risk management principles and frameworks (ISO 27005, ISO 31000).
  • Proficiency in planning and conducting internal and external audits.
  • Proficiency in formulating security policies and procedures and ensuring adherence to them and to regulatory compliance requirements.
  • Strong management and communication skills with a demonstrated ability to influence and enhance the security culture across an organization.
  • Proven analytical and problem-solving abilities with a proactive approach to identifying and managing security risks.
  • Collaborative mindset with the ability to work effectively alongside cross-functional teams, including HR, Business Operations, legal, compliance, and other business units.
  • Strong project management and organizational skills.
  • Excellent verbal and written communication skills.

Qualifications

  • Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field.
  • Relevant certifications such as CISSP, CISM, CISA, ISO 27001 Lead Auditor, or equivalent are highly desirable.

Location

Noida

Reporting to

Chief Information Security Officer

Monotype is an Equal Opportunities Employer. Qualified applicants will receive consideration for employment without regard to race, colour, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status.

Monotype is expanding globally. Proficiency in one or more of the following languages is desirable (not mandatory) for this role: German, Japanese, French, Spanish.


Perks/benefits: Career development

Region: Asia/Pacific
Country: India
