IT audit +Risk assessment

What The Role Is

We are looking for an GRC Operations Officer based in Chennai. This is a new role within the growing IT Compliance function, where you will be responsible for handling audits, implementation of information security policies etc,. The successful candidate will be comfortable working with the team on implementing frameworks and providing support for internal and external stakeholders. Reporting to the IT Compliance Officer for our Chennai team, this role is integral to the successful growth of the team as well as wider company performance.  

What You’ll Do

• Contribute and assist with continuous improvement of company policies, practices, and procedures
• Review, modify and maintain existing practices and policies to reflect our operations and values within specific industry-standard frameworks like ISO and NIST, among others
• Provide support for internal and third-party audits
• Respond to due diligence and TPRM requests from customers and other interested parties.
• Support internal staff with GRC-related questions and topics
• Develop, maintain and execute awareness programs
• Be a local representative of the company’s GRC group and manage the physical security requirements for the location
• Work independently and prioritize multiple tasks and adapt to needed changes
• Effectively communicate risks to diverse audiences, both in writing and verbally
• Apply a risk-based approach to planning, executing, and reporting on audit engagements and auditing process;

What You’ll Bring

• 2-5 years IT Security, IT risk, IT auditing, and/or IT Compliance experience within a technology company, accounting firm,  or others.
• Bachelor's degree or equivalent work experience working in compliance/GRC team.
• Exceptional organisational skills and attention to details.
• Knowledge of applicable domestic and internationally recognized information security management, governance, and compliance principles, practices, laws, rules and regulations;
• Information systems auditing, monitoring, controlling, and assessment process.

Perks & Benefits: 

• Competitive base salary
• Equity - every employee is a stakeholder in our enormous upside
• A tech-first company culture driven by entrepreneurial thinking and talent
• A great team working in unison towards the same mission
• Transparency is what our product is built on—and so is our culture
• Generous health insurance benefits for employees and their dependents
• Parental leave.
• Flexible work schedule and work-from-home options
• Flexible PTO

Overview:

The Risk Manager will oversee the organization's risk management program, assessing and identifying risks that could impede the reputation, safety, security, or financial success of the organization.

Key Responsibilities:

1. Designing and managing the consumers' credit portfolio and risk within the desired target
2. Driving new experiments with deeper cust understanding and segmentation 
3. Leverage traditional and alternate data to create risk policies and ensure effective implementation 
4. Continuously plans, monitors, and reviews risk management and perform regular checking and/or surveillance to ensure that risk treatment is effective
5. Establish, implement and manage risk policy and control frameworks, ensuring that minimum standards, ownership and operation are documented and communicated across the Group
6. Manage a governance structure to monitor, challenge and test business compliance with risk policies and control frameworks
7. Develop, lead and maintain a center of expertise within 1st line risk management
8. Maintain comprehensive credit policy inventory and facilitate timely periodic review/approval of credit policies
9. Monitor and communicate new regulatory issues/guidance impacting credit policy, analyze the impact, interpret and implement into policy

Education and Experience:

1. Bachelor's degree in Risk Management, Finance, or related field required.
2. At least 7+ of related experience is preferred.
3. Strong knowledge and experience in risk management and policy 
4. Excellent verbal and written communication skills.
5. Excellent mathematical and critical thinking skills.
6. Excellent analytical and problem-solving skills.
7. Excellent organizational skills and attention to detail.
8. Strong supervisory and leadership skills

• 8-10 years of experience into IT SOX, IT Audits, ITGC testing
• Tech, M.Tech, BE, MBA or similar qualification.
• CISA (Certified Information Systems Auditor), Certified Internal Auditor (CIA), Certified Risk and Information Systems Control (CRISC), or similar professional certification preferred.
• Firm understanding of information technology, including IT process, IT general controls, as well as COSO and COBIT frameworks.
• Good technical knowledge of Application security and Access Management
• Hands-on experience on Excel, PowerPoint, PowerBI, etc.

Qualifications & Responsibilities

Year of Experience : 3- 8 yrs

Location : Bangalore, Delhi, Mumbai, Pune

Work on ISO 27001 & NIST based Information Security Management System implementation and sustenance.

-          Responsible for SOX (IT Security Controls) and track the monthly/quarterly/annual control reports and drive effectiveness of SOX controls.

-          Work on Business Continuity Planning, IT Disaster Recovery as per ISO27001 & NIST requirements

-          Assess information security posture, identify the gaps/risks in the existing environment and develop solutions to mitigate the identified gaps/risk

-          Conduct Information Systems audits covering IT infrastructure assets

-          Working knowledge in security domains such as: security governance policies and procedures, risk management, compliance, access control, network security, security architecture, security incident response, disaster recovery, business continuity management, privacy and data protection

-          Experience in leveraging industry standards and frameworks such as ISO/IEC 27001, NIST CSF/800-171, etc.

-          Possesses certifications such as ISO27001 LA. CISSP, CISA certification- preferred

Why NCG?

WHO WE ARE DRIVES WHAT WE DO!

We Don't build the organization; we create an everlasting family. Our people express a sense of winning together when times are good and sticking together when times are tough.

Are you a Doer or Achiever?

Well, at NCG, our doors are Open for Doers and Achievers alike. We are a Cult where we create, innovate, learn and Contribute in a comfortable, transparent, and fair environment.

Joining NCG means contributing to a shared ambition for reliable work culture, tackling extraordinary technological challenges in multicultural teams, preserving your work/life balance, and more!