11+ GRC Jobs in India

About Alphanext

Welcome to Alphanext, a leading provider of talent solutions headquartered in London, with operational bases in Pune and Indore. With a strong focus on the global technology community, we are dedicated to connecting exceptional talent with innovative organizations around the world.

The Role

As our new ServiceNow Technical Architect, you'll play a vital role in shaping and executing our ServiceNow platform strategy to drive innovation and ensure seamless service delivery across our global operations.

Key Responsibilities

• Defines, guides, and supports the execution of Alphanext clients' technical governance processes
• Assists in developing standards and practices for maintaining the health of Alphanext clients' ServiceNow platforms
• Supports design and implementation of a platform operating model to achieve Alphanext clients' desired outcomes and foster end-user adoption
• Provides technical evaluation of demands against Alphanext clients' ServiceNow platform architectures, platform capabilities, and best practices
• Guides ServiceNow Platform design, including considerations for integration and performance for Alphanext clients
• Assesses architecture and solution designs to support Alphanext clients' objectives including alignment with ServiceNow implementation best practices
• Offers guidance on prototyping and accelerating time from design to deployment for Alphanext clients
• Provides technical guidance in platform development and platform-wide solutions for Alphanext clients
• Advises on configuration and coding standards for Alphanext clients
• Supports remediation of configurations not aligned to ServiceNow best practices for Alphanext clients
• Assesses instance health (performance, manageability, usability, scalability, upgradability, and security) by conducting ServiceNow HealthScan for Alphanext clients

Experience you should have 

• ServiceNow System Administration Certification (mandatory)
• ServiceNow HR, CSM and ITIL Foundation certification
• Experience in the following ServiceNow modules:
• ITOM – CMDB, Discovery, Service Mapping
• ITBM – Project Portfolio Management, Release Management, Agile
• HRSD (HR Service Delivery) and Finance
• GRC – Governance, Risk, and Compliance
• CSM – Customer Service Management module exp (Mandatory)
• ITSM – Incident Management, Problem Management, Change Management, Knowledge Management, Service Portal, Service Catalog
• Expertise in Client Scripts, UI Policy, UI Scripts, Script Includes, Business Rules, Scheduled Jobs
• Possess good communication skills
• ITIL Foundation Certification would be a plus or can do before joining
• Implementation Specialist certification would be a plus

The Impact You'll Make

• Establish an enterprise-wide technical architecture and implementation strategy setting the foundation for Alphanext customer's enduring ServiceNow success.
• Drive standardization and best practice platform management, enabling customer to focus on value delivery.
• Institute technical governance to optimize platform performance and minimize long-term technical risk.
• Enable rapid upgrades to new features and innovation that drive new value for Alphanext and it's customer. 
• Build a platform team focused on delivering value and innovation.

Location: Abu Dhabi, United Arab Emirates (UAE)

Nationality: Any

Desired Experience: 10+ years

Job Description :

To guide and advise customers on building SOC-related services from scratch or assist in improving existing services. To assess the maturity and capability of services in scope and propose improvements. Closely working with other SOC teams, and assisting them in achieving their goals. To work closely with the rest of the Advisory team and exchange knowledge and experience.

What You’ll Do

• Deliver high-level strategy and executive advisory services.
• Lead client engagements in security advisory at the highest strategic level.
• Establish and align business principles and objectives to the long-term security operational vision by applying tactical guidance for various information security operating models.
• Perform SOC maturity assessments and build precise roadmaps based on the goals and objectives of the organization.
• Provide clients with guidance during the Initial Operating Capability (IOC) through full operational capability (FOC) covering key aspects of SOC domains such as business, process, governance, technology, people, and services.
• Create and build on the concept of operations (ConOps) in the pre-work stages that strategically prepare the client for the successful implementation of security technology and operations.
• Assist clients with recommendations in different advisory stages, such as creating security operations strategy (SOC Charter), developing training programs, assisting with use case framework implementation, developing standard operating procedures, and applying service/integrated frameworks.
• Possess the ability to identify the client's problems and use common consulting management skills such as facilitation, gap analysis, interviewing, and engaging in multiple workshops with key stakeholders.
• Collaborate with clients to define services and build technology strategies as part of the build, plan, and design phases of security operations.
• Perform as a subject matter expert (SME) in strategy conversations with C-level panels to provide exceptional IT/OT/Cloud/Physical security, compliance, regulations, and industry best practices that promote the overall mission and vision of the organization.
• Maintain a good understanding of security trends and methods for pinpointing cyber and physical security solutions that fit the client's business, financial, and technological objectives.
• Identify, build, and create cyber solutions to address security issues, perform security operations content reviews, draw conclusions, and develop strategic guidance.
• Assess and develop the current security operation effectiveness by reviewing operating procedures, workflows, policies, frameworks, and operational reporting.
• Consistently contribute towards industry-specific offerings/professional security forums/internal departmental blogs/publications/develop thought leadership.
• Contribute to the proposal process for SOC Advisory services while collaborating with other internal group members to solidify the sales pitch approach.

What you bring to the table

• 10+ years of extensive IT Security / IT Consultancy/client-facing roles related to SOC/Security operations projects (Cybersecurity Managers, IT Security Engineers, Security Analysts, Senior/Principal Security Analysts)
• Experience in SOC strategy, roadmap and documentation development, adapted to client organization (Services catalog, Security Incident Response management plan, playbooks)
• Possess the ability to support the vision and mission of any organization's security program.
• Retained proficiency in delivering high-quality and high-level strategic and advisory services.
• Possesses certifications related to enterprise information security frameworks and/or compliance, regulation-type frameworks.
• Experience in understanding complex activities and relationships quickly, assessing business and delivery risks, and communicating them effectively.

Benefits

• Schooling
• Flight & visa allowance for self and family
• Mobile Allowance
• Insurance for self & Family
• Life Insurance for self

Job Code: DSSR0001

Experience: 4+ years 

Shift: UK (2 pm to 11 pm)

Work Location: Chennai / 100% work from the office.

Job Description: 

ServiceNow is a cloud-based platform that provides IT services management (ITSM), IT operations management (ITOM), and other business process automation solutions. The role involves designing, developing, and maintaining applications on the ServiceNow platform. They have expertise in customizing and configuring the ServiceNow platform to meet the specific needs of the business. 

Responsibilities:

• Integration and Automation: Integrate ServiceNow with external systems, applications, and tools using REST/SOAP APIs, MID Server, and scripting languages like JavaScript. Automate processes and workflows to streamline IT service delivery and enhance operational efficiency.
• Testing and Documentation: Develop test plans, perform unit testing, and assist with user acceptance testing (UAT) to ensure quality and functionality of ServiceNow solutions. Create and maintain technical documentation, including design specifications, configuration guides, and process documentation.
• System Configuration: Configure ServiceNow modules, tables, fields, forms, views, notifications, and other system components to meet business needs. Define and maintain data models, access controls, and user roles within the ServiceNow platform.
• Develop and maintain ServiceNow applications using JavaScript, HTML, CSS, and other scripting languages.
• Data Governance, Data Reporting, Service Now Dashboards development, ITIL Process Architecture, Regulatory Systems and documentation Exp.
• Create and manage ServiceNow service Catalog items, workflows, and catalog tasks. 
• Integrate ServiceNow with other systems and applications using APIs and web services. 
• Platform testing, debugging, and troubleshooting of ServiceNow applications and workflows.
• Provide technical expertise and guidance to the ServiceNow development team. 
• Stay updated with the latest ServiceNow features, releases, and best practices.

Requirements:

• Bachelor’s or Master’s degree in computer science or a related field.
• A background in software development, engineering, IT business administration, Agile/SAFE, databases, or similar.
• Strong experience in Service Now CMDB Development.
• CMDB - API based data integrations, CSDM 4.0, Service Now Discovery and ITOM experience, Cloud - AWS, Azure Discovery, Service Mapping Exp, IRE Exp.
• Proven development and delivery of Security & Risk/GRC development in client environments.
• ServiceNow CIS certification in Risk & Compliance, GRC.
• Experience with key technologies relevant to ServiceNow integration solutions including SSO, SAML, SSL, Web Services, LDAP, JDBC, ODBC, REST, SCP, FTPS.
• ServiceNow Certified System Administrator (CSA)
• ITIL Foundations Certification
• Quick learner, self-motivated and can work independently.
• Strong verbal, written communication skills and a collaborative problem-solving style.

• Guiding team member for handling technical challenges
• Conducting training sessions
• Handling user issues and providing corrective solution
• Fixing of the vulnerabilities and Upgrades of new stable version
• Sustenance and maintenance of Archer tool
• Good scripting knowledge

• Certified RSA Archer Professional, Internal Audit & Controls, Risk (Threat), ISO 27001
• Minimum of 5 years’ experience in the respective field
• Experience of managing a GRC Team
• Strong experience of implementation, commissioning and enhancement of modules of GRC Product
• Strong Understanding of Process workflows, Identifying the manual workflows
• Expertise in configuring GRC tool (Archer)
• Experience with all SDLC activities related to GRC program implementation

Dear Candidate,

Greetings from HCL Technologies Ltd.

• Make sense of Cyber security and compliance frameworks that apply to your business or industry
  • Identify business risks, taking into account the role of your hosting service provider
  • Determine which Cyber security controls are required to mitigate your identified risks
  • Improve collaboration and communication during Cyber security Incident mitigation and response.
  • Establish the necessary framework based on NIST Framework to maintain and continually improve your information security program over time based on evolving scope and emerging risks
  • Document and track efforts for evidence collection and audit preparation

• will have primary responsibility for coordinating and implementing effective Cyber Security management across the account. This role will ensure that all Supplier obligations are met regarding compliance with Security guidelines, data protection, regulations, Supplier policies, and key controls.
• provide implementation and ongoing operation of Security management framework;
• be responsible for coordinating activities to address the key Security risk exposures;
• ensure Security awareness training of, and assistance in the implementation of robust Security management practices across Security operations;
• direct the design of controls to address emerging or new Security risk and compliance requirements;
• carry out regular and frequent assurance reviews of the design and operating effectiveness of Security controls;
• implement, monitor and report on key Security risk indicators to identify and address emerging risks;
• coordinate with other Service Providers and Security functions, to facilitate client’s audits and inspections;
• manage and report on responses and actions to address Security audit points, inspection deficiencies, or control weakness identified during normal operations.
• review outcome of cyber security risk assessment, timely implement open action items and report progress to stakeholders
• incorporate vulnerability testing as an integral part of change management
• Should have good knowledge of Cyber Security Framework and controls
• CISA ,CISM or CISSP certification should be preferred.
• Have good understanding of Security policy and process along with ITSM process.

Job description – Information Security (Network)

Roles and Responsibilities

Company will provide a professional opportunity to work in a dynamic environment where you will have the ability to develop process and Cyber security based skills

Work profile of individual

• As part of the company cyber security consulting team, individual’s primary role would be to work with ISO 27k projects IT audits, ITGC audits, SSAE, SOC audits, IT Process Audit, Systems Audit, Gap assessment TPRM, GDPR, Infosec, GRC , ISMS , Cyber Security, SOX ITGC on customer engagements
• Will address all aspects of security like physical, logical, data, access etc and review Information Security policy and suggest / recommend necessary changes to the same on customer engagements
• Will be an active participant in internal / third party system security reviews and audits on customer engagements
• Will perform internal audits on all aspects of IT and ensure compliance with the prescribed security norms on customer engagements and will be responsible for tracking the open audit findings and closure of the same
• Will be responsible for implementation of new projects under Information Security Domain
• Will be able to manage document tracking and updating - policies, processes, procedures, templates etc.
• Will assist in development of proposals by owning parts of the proposal document and by giving inputs in solution design based on areas of expertise.
• Will engage with clients and(or) application development teams for implementation of cyber security & data privacy by design and data protection controls.
• Will support the clients with ongoing design, implementation and maintenance of the data privacy framework for managing data protection risk including responding to legislation, devising and owning policies and training.
• Will demonstrate ability to clearly and concisely communicate the privacy implications of technology and implementation.

Team work

• Individual would be responsible for contributing to a strong team environment and promoting a positive working relationship with their colleagues.
• Individual would predominately work with off-shore engagement teams and relevant  teams on presale and cyber security delivery.
• Communication, written and verbal, with these teams would be expected.
• Team members would be required to apply learning from trainings and on the job experience to work requests and support continuous process improvement.
• Team members would be required to handle multiple tasks at the same time.
• Detailed focus when performing work and good project management skills when managing workload and maintaining timelines will be necessary.

Desired Candidate Profile

• Bachelors
• Certifications (ISO 27001/ ISO 31000/ CISA/ CISSP/ CSX or equivalent and other relevant qualification/certification
• Experience : 3-5 years
  
  

Knowledge Required:

• Strong knowledge of information security concepts, risk and controls concepts. Strong understanding of security principals: audit, policies, guidelines, and compliance.
• Good understanding of infrastructure (data centre, network end user computing) security / cloud security / managed security services / security operations centre / compliance risk management and ITGC controls
• Good understanding of technical security like network security, operating system, encryption, use of tools and technologies for various processes like logical access control, network security, security monitoring etc.
• Sound knowledge of Internal Controls and Compliance. Must be able to recommend controls around people, process, and technology.
• Sound knowledge on IT controls (especially IT risks). Good experience with control assessment, check the effectiveness of the implemented controls and recommend mitigation / improvements.
• Good knowledge on Privacy, Governance and reporting
• Experience with the Microsoft Office suite of products (i.e. Word, Excel, PowerPoint, Visio, etc.),
• Strong verbal and written communication skills Knowledge / experience in fields of ITGC audits, Internal Audit, External Audit / Statutory Audit projects
• Candidates should exhibit good client service skill collateral's with a strong focus on building relationships.

Additional Responsibilities:

• Ability to assist in value-creating strategies and models that enable clients to innovate, drive growth and increase their business profitability
• Good knowledge on software configuration management systems and license Management systems
• Awareness of latest technologies and Industry trends
• Logical thinking and problem solving skills along with an ability to collaborate
• Understanding of the financial processes for various types of projects and the various pricing models available
• Ability to assess the current processes, identify improvement areas and suggest the technology solutions
• One or two industry domain knowledge
• Client Interfacing skills
• Project and Team management

Job description- Information Security(Financial)

Roles and Responsibilities

HTC Global Security Delivery Centre will provide a professional opportunity to work in a dynamic environment where you will have the ability to develop process and Cyber security based skills

Work profile of individual

• As part of the companyC Global cyber security consulting team, individual’s primary role would be to be a part of ISO 27k projects IT audits, ITGC audits, SSAE, SOC audits, IT Process Audit, Systems Audit, Gap assessment TPRM, GDPR, Infosec, GRC , ISMS, Cyber Security, SOX ITGC on customer engagements
• Will address all aspects of security like physical, logical, data, access etc and review Information Security policy and suggest / recommend necessary changes to the same on customer engagements
• Will be an active participant in internal / third party system security reviews and audits on customer engagements.
• Will perform internal audits on all aspects of IT and ensure compliance with the prescribed security norms on customer engagements and will be responsible for tracking the open audit findings and closure of the same
• Will be able to manage document tracking and updating - policies, processes, procedures, templates etc.
• Will assist in developing proposals by owning parts of the proposal document and by giving inputs in solution design based on areas of expertise.
• Will demonstrate ability to clearly and concisely communicate the privacy implications of technology and implementation.

Team work

• Individual would be responsible for contributing to a strong team environment and promoting a positive working relationship with their colleagues.
• Individual would predominately work with off-shore engagement teams and relevant HTC Territory teams on presale and cyber security delivery.
• Communication, written and verbal, with these teams would be expected.
• Team members would be required to apply learning from trainings and on the job experience to work requests and support continuous process improvement.
• Team members would be required to handle multiple tasks at the same time.
• Detailed focus when performing work and good project management skills when managing workload and maintaining timelines will be necessary.

Desired Candidate Profile

• Bachelors
• Certifications (ISO 27001/ ISO 31000/ or equivalent and other relevant qualification/certification
• Experience : 3-5 years
  
  

Knowledge Required:

• Strong knowledge of information security concepts, risk and controls concepts. Strong understanding of security principals: audit, policies, guidelines, and compliance.
• Understanding of infrastructure (data centre, network end user computing) security / cloud security / managed security services / security operations centre / compliance risk management and ITGC controls
• Sound knowledge of Internal financial Controls and Compliance. Must be able to recommend controls around people, process, and technology.
• Sound knowledge of General Leger / Balance Sheet / Journal Entry / Budgeting / Financial fraud
• Sound knowledge on business controls and process controls. Good experience with control assessment, check the effectiveness of the implemented controls and recommend mitigation / improvements.
• Experience with the Microsoft Office suite of products (i.e. Word, Excel, PowerPoint, Visio, etc.),
• Strong verbal and written communication skills Knowledge / experience in fields of ITGC audits, Internal Audit, External Audit / Statutory Audit projects
• Candidates should exhibit good client service skill collateral's with a strong focus on building relationships.

Additional Responsibilities:

• Ability to develop value-creating strategies and models that enable clients to innovate, drive growth and increase their business profitability
• Good knowledge on software configuration management systems and license Management systems
• Awareness of latest technologies and Industry trends
• Logical thinking and problem solving skills along with an ability to collaborate
• Understanding of the financial processes for various types of projects and the various pricing models available
• Ability to assess the current processes, identify improvement areas and suggest the technology solutions
• One or two industry domain knowledge
• Client Interfacing skills
• Project and Team management

What The Role Is

We are looking for an GRC Operations Officer based in Chennai. This is a new role within the growing IT Compliance function, where you will be responsible for handling audits, implementation of information security policies etc,. The successful candidate will be comfortable working with the team on implementing frameworks and providing support for internal and external stakeholders. Reporting to the IT Compliance Officer for our Chennai team, this role is integral to the successful growth of the team as well as wider company performance.  

What You’ll Do

• Contribute and assist with continuous improvement of company policies, practices, and procedures
• Review, modify and maintain existing practices and policies to reflect our operations and values within specific industry-standard frameworks like ISO and NIST, among others
• Provide support for internal and third-party audits
• Respond to due diligence and TPRM requests from customers and other interested parties.
• Support internal staff with GRC-related questions and topics
• Develop, maintain and execute awareness programs
• Be a local representative of the company’s GRC group and manage the physical security requirements for the location
• Work independently and prioritize multiple tasks and adapt to needed changes
• Effectively communicate risks to diverse audiences, both in writing and verbally
• Apply a risk-based approach to planning, executing, and reporting on audit engagements and auditing process;

What You’ll Bring

• 2-5 years IT Security, IT risk, IT auditing, and/or IT Compliance experience within a technology company, accounting firm,  or others.
• Bachelor's degree or equivalent work experience working in compliance/GRC team.
• Exceptional organisational skills and attention to details.
• Knowledge of applicable domestic and internationally recognized information security management, governance, and compliance principles, practices, laws, rules and regulations;
• Information systems auditing, monitoring, controlling, and assessment process.

Perks & Benefits: 

• Competitive base salary
• Equity - every employee is a stakeholder in our enormous upside
• A tech-first company culture driven by entrepreneurial thinking and talent
• A great team working in unison towards the same mission
• Transparency is what our product is built on—and so is our culture
• Generous health insurance benefits for employees and their dependents
• Parental leave.
• Flexible work schedule and work-from-home options
• Flexible PTO