Manager - IT Governance, Risk & Compliance

Role: Manager – GRC

Location: Chennai

Policies & Documentation Standards

  • Design and development of security policies, standards, and procedures in accordance with organization goals.
  • Support and co-ordinate with internal stakeholders on preparing information security documentation.
  • Actively establish & strengthen relationships with external and internal customers/stakeholders. Assist in developing knowledge assets such as methodologies, operating procedures, process documents, templates, white papers etc.
  • Evaluate and advise on the implementation and effectiveness of the cybersecurity safeguards to ensure that they provide the intended level of protection.
  • Provide insights to IT and Business Teams on secure development & implementation of Information Systems.

Risk Assessment

  • BCMS, QMS, ISMS Risk assessment, Awareness activities, Data Privacy, VAPT etc.
  • Perform risk assessments to identify gaps in compliance to information security standards and policies and devise strategies and implement controls to minimize the risk.
  • Proactively identify risks and escalate to project stakeholders. Data security governance, data classification, data security design, security management, personal information compliance and protection consulting.
  • Provide security guidance on emerging technologies (IoT, Blockchain etc.)
  • Control evaluation for cloud engagements, offsite development centres, and outside service providers (suppliers of IT services).

Training & Awareness Program

  • Conduct cyber security trainings and awareness sessions
  • Monitor for attacks, intrusions and unusual, unauthorized or illegal activity
  • Penetration testing of products and systems.
  • Lead engagements from kick-off with product owners through scoping engagements, penetration testing and reporting while adhering to the agreed scope and deadlines.
  • Perform Web Application Penetration Testing, Network Penetration Testing, Mobile Penetration Testing, and Code Review independently based on the guidance from leads.
  • Perform moderately complex log reviews and forensic analysis to identify unauthorized or unacceptable access to data or systems.
  • Familiarity with industry-leading standards, such as NIST, CIS benchmarks, and OWASP
  • Familiarity with browser, Web service, cloud security, mobile applications’ security, and operating system security concepts
  • Understanding of leading vulnerability scoring standards, such as CVSS, and ability to translate vulnerability severity as security risk

Internal Audit & Reporting

  • Should independently handle internal audits (with minimal support from the leads) to ensure compliance with ISO 27001/ISO 22301/ISO 9001 requirements as well as process-specific requirements.
  • Responsible for the effective documentation of internal audits (reports) with accurate mapping to control points.
  • Assist with the preparation of weekly / fortnightly / monthly reports.
  • Provide Security and Control metrics to Senior Management
  • Point out the non-conforming areas and suggest measures to improve the information security posture

Why join us?

We thought you would never ask! We offer all the usual stuff: competitive salary, flexible working hours, challenging product culture, but the real perks are:

• Challenging and fun work environment solving meaningful real-life business problems - you will never have a boring day at the office.

• World-class team who love solving tough problems and have a bias for action. Tanla is an equal opportunity employer.

We welcome and encourage diversity in the workplace regardless of race, gender, religion, age, sexual orientation, gender identity, disability, or veteran status.