- Senior
- Bengaluru office
An experienced individual who works in a methodical and concise manner is required to successfully manage the InfoSec GRC and Privacy function at DNEG.
● Experience of working within a highly technical and multi-faceted InfoSec security program.
● Have excellent interpersonal, analytical, assessment and documentation skills which can be effectively utilized to develop and deliver against highly critical GRC and Privacy assurance requirements.
● Working closely with the Information Security Program Manager (ISPM) to successfully prioritize, steer and deliver the GRC and privacy facets of the InfoSec program.
● Experience of working within a multi-faceted audit environment.
● Demonstrable experience of delivering, maintaining, managing, and maturing a global GRC program to meet the requirements of a highly complex environment.
● Excellent track record of working with both internal and client-driven auditable environments and ensuring that control areas are effectively managed using a risk-based methodology.
● Manage, maintain, and mature the GRC and function within DNEG.
● Work proactively with the wider InfoSec team to ensure that all GRC and audit deliverables are suitably communicated and documented.
● Be able to work effectively in an independent capacity and as part of the InfoSec team.
● Utilize effective task management, communication, and leadership skills.
● Work in close partnership and collaborate with peers and internal technical teams.
3.1 Mandatory Job Requirements
A successful candidate will meet the majority of the requirements listed below and will be able to demonstrate suitable experience and competencies in each of the following:
● Five to Ten years, plus/minus, of working within, or leading, a GRC, Data Privacy and audit function.
● Have demonstrable experience with all the following key areas:
- Lead and mature the existing GRC program to ensure that identified CRM and InfoSec risks are suitably kept within DNEG’s risk tolerance level.
- Highly proficient with Risk Management methodologies and suitable application.
- Lead assessment and evaluation, define risk mitigation solutions across the business and technical environments, and identify areas of improvement.
- Take ownership of the ISMS policy framework and ensure that the control framework is suitable and meets the requirements set forth by industry and client-driven audits.
- Conduct onsite security audits and gap analyses across DNEG facilities to assess alignment with security frameworks.
- Mature and further develop the audit program and work collaboratively with peers and stakeholders to ensure that control deficiencies are suitably tracked and ultimately either mitigated or accepted.
- Demonstrable working knowledge of data privacy legislation, e.g., GDPR, and of applying mandated controls to minimize risk associated with privacy breaches etc.
● Knowledge of Information/Cyber Security processes and methodologies, e.g., ISO27001, CSA CCM etc.
● Experience of working collaboratively and effectively with a PMO function.
● Document and create qualitative and quantitative reporting relating to the GRC / Data Privacy roadmap.
A successful candidate will have experience with the desired requirements listed below and will be able to demonstrate suitable experience and competencies in each of the following:
● Experience of working with and customizing automated risk management platforms and services.
● Prior experience working within either the film or media industry sector.
● Experience and demonstrable high-level knowledge of the following:
- Working within either a hybrid or cloud-native environment, and the associated risks applicable to this type of environment.
● A bachelor’s degree in IT or Computer Science is desirable, but not essential.
● Any of the following Risk Management certifications, e.g., CISSP, CISM, CISA, CRISC, ISO 27001 Lead Implementer/Auditor etc.