Rightwaay talent consulting LLP

ob Summary

We are looking for an enthusiastic and experienced Human Resources Executive with 2-3 years of proven experience. The ideal candidate will possess excellent communication skills and a strong understanding of Risk Management and Cybersecurity principles as they relate to human resources. This role will be crucial in ensuring our HR practices align with our security protocols and contribute to a resilient organizational culture.

Key Responsibilities

• Recruitment & Onboarding:
• Assist in the end-to-end recruitment process, including sourcing, screening, interviewing, and onboarding new employees.
• Ensure all new hires are properly oriented to company policies, including those related to information security and data privacy.
• Policy & Compliance:
• Support the development and implementation of HR policies and procedures, with a focus on integrating risk management and cybersecurity best practices.
• Ensure compliance with relevant labor laws and internal company regulations concerning data handling and employee conduct.
• Training & Development:
• Collaborate with IT and Risk Management teams to develop and deliver training programs on cybersecurity awareness, data protection, and risk mitigation for all employees.
• Identify training needs related to security protocols and facilitate relevant workshops.
• Employee Relations:
• Address employee queries and concerns, providing guidance on HR policies and procedures.
• Assist in managing sensitive employee data securely and confidentially.
• Performance Management:
• Support performance appraisal processes and provide feedback to employees.
• HR Operations:
• Maintain accurate and up-to-date employee records, ensuring data integrity and confidentiality.
• Prepare HR reports and analytics as required.

Qualifications

• Bachelor's degree in Human Resources, Business Administration, or a related field.
• 2-3 years of progressive experience in Human Resources.

Skills & Competencies

• Excellent Communication Skills: Exceptional verbal and written communication abilities, with the capacity to articulate complex concepts clearly and concisely to diverse audiences.
• Risk Management Knowledge: Solid understanding of general risk management principles and their application within an HR context (e.g., operational risk, compliance risk, data privacy risk).
• Cybersecurity Awareness: Demonstrated knowledge of basic cybersecurity concepts, data protection regulations (e.g., GDPR, local data privacy laws), and best practices for securing employee information.
• Analytical & Problem-Solving Skills: Ability to analyze HR data, identify potential risks, and propose effective solutions.
• Interpersonal Skills: Strong ability to build rapport and work effectively with employees at all levels.
• Attention to Detail: Meticulous in record-keeping and policy adherence.
• Proactive & Self-Motivated: Ability to work independently and as part of a team in a fast-paced environment.

Role: Information Security Analyst

Experience: 2–3 years

Location: Mumbai

Requirement Type: Immediate

Key Responsibilities:

1. RBI Compliance & Reporting:

• Prepare and submit quarterly InfoSec compliance reports to the RBI.
• Ensure accurate documentation aligned with RBI guidelines.
• Liaise with internal teams to collect data and supporting evidence.

1. ISO Audit Coordination:

• Act as the primary POC for external ISO 27001 auditors.
• Coordinate audit schedules and handle documentation and evidence.
• Track audit findings and manage follow-ups on corrective actions.

1. Information Security Reporting:

• Maintain InfoSec dashboards and internal/external reports.
• Analyze security metrics and trends to support risk decisions.
• Ensure data accuracy and consistency in reporting.

Must-Have Skills:

• Sound understanding of Information Security practices.
• 2 yrs exp in Cyber security
• Strong communication and coordination skills.
• Proficiency in Microsoft Excel 

Key Responsibilities: Subject Matter Knowledge

● Detailed understanding of various standards and frameworks in information security, cybersecurity, business continuity, privacy, regulatory compliance requirements for various industries (such as ISO 27001, NIST Cybersecurity Framework, ISO 22301, SEBI, RBI, IRDA,, GDPR, CCPA (Data Privacy Regulations)

● Knowledge of Security Domains: Familiarity with key areas of cybersecurity,

including:

○ Network Security (Firewalls, IDS/IPS, VPNs)

○ Cloud Security (AWS, Azure, GCP security principles, container security)

○ Application Security / DevSecOps (Secure coding practices, SAST/DAST)

○ New emerging technologies landscape

○ Identity and Access Management (IAM) (Authentication, authorization,

privileged access)

○ Endpoint Security (Antivirus, EDR, mobile device management)

● Threat Landscape Awareness: Staying current with common attack vectors (e.g.,phishing, ransomware, zero-day exploits), threat actors, and cybersecurity trends.

● Incident Response (IR) Lifecycle: Knowledge of the stages of incident response

(Preparation, Detection, Containment, Eradication, Recovery, Lessons Learned) to manage projects that improve IR capabilities or even help coordinate during a crisis.

● Read, research, build templates and deliverables specific to customer or general templates for the work at hand

Project Lifecycle Management & Ownership:

● Accountable for overall project success, client relationships, profitability, and meeting strategic objectives.

● Primary escalation point for key client stakeholders; building and nurturing

long-term client relationships; identifying new business opportunities.

● Develop project plans, including weekly activity schedules/Sprint planning, ensuring

alignment with project goals and client expectations.

● Monitors overall project timelines; milestones, tracks and ensure billing, address resource conflicts across projects.

Communication & Stakeholder Management:

● Serve as the primary point of contact for the client, maintaining a professional and collaborative relationship throughout the project duration.

● Lead periodic client and internal project calls, communicating progress, identifying

day-to-day issues, and driving resolutions.

● Promptly identify, highlight, and escalate any project challenges, hindrances, or potential delays in milestones to the Management and client, proposing solutions where possible.

Team Leadership & Mentorship:

● Actively mentor and guide consultants working on the project.

● Clearly define and align consultants on their respective tasks, setting precise expectations for quality, timeliness, and output.

● Regularly obtain updates from consultants, providing feedback and directing them for task completion.

PreSales and Business Development

● Actively participates in pre-sales, proposal development, and identifying new business within existing accounts.

● Helps organization ideate new services and business lines

Qualifications:

● Bachelor’s degree in IT, Computer Science, Cybersecurity, or a related field.

● Certiications such as CISA, CISSP, CISM, CEH,etc.

● Good communication skills and a willingness to learn.

What We Look For:

● Strong written and verbal communication skills.

● Expert-level knowledge of the Information Security industry, with a deep and current

understanding of relevant frameworks, threats, and trends.

● Ability to learn and fit into our company culture.

● Proven track record in client relationship management, business development, and pre-sales.

Why Join Us?

● Work with experienced professionals in cybersecurity.

● Enjoy continuous learning and growth in a supportive environment.

Job Description:

We are seeking a highly skilled and motivated GRC Consultant to play a pivotal role in

delivering projects for the implementation of the Governance, Risk, and Compliance framework.

The ideal candidate will take ownership of risk management, compliance monitoring, and

contribute to strategic enhancements for clients.

Key Responsibilities:

● Take a lead role in the ongoing development and enhancement of the GRC

framework.

● Drive the implementation of policies and procedures as required by various

information security/privacy/data security frameworks.

● Implement frameworks such as ISO 27001, ISO 22301, etc., and achieve client

certification.

Risk Management:

● Lead the identification, assessment, and management of risks across diverse

business units.

● Conduct thorough risk assessments and provide strategic recommendations.

● Understand compliance requirements with laws and regulations concerning

information security and privacy.

Training and Leadership:

● Conduct training and awareness sessions for end users and client SPOCs on

information and cybersecurity requirements.

Qualifications:

● Bachelor’s degree in IT or a related field.

● Excellent communication and leadership abilities.

● Candidates with a cybersecurity background only.

● Minimum 2 yrs experience in cybersecurity