Mphasis - GRC Analyst

JOB Description:

Role and Responsibilities:

- To work as first point of contact for all Information Security & Compliance, Data Privacy, Business Continuity and Technology related requirements for the assigned vertical

- Oversee and manage security and compliance issues of process/account to adhere to the Mphasis (ISMS) & client requirements

- Coordinate development and implementation of the security assurance program at a project / Unit level.

- Implement corporate-wide training and communication programs to ensure that all employees and affiliated parties are educated on the Standards of Conduct and the Corporate Compliance Program.

- Coordinate with other departments and facilitate conduct of inquiries and/or investigations when deemed necessary.

- Perform reviews on audit controls and measurements and conduct Risk Assessments to ensure correct practices are established and adhered to.

- Facilitate internal/external audits to ensure nil/minimum non-compliance.

- Report at pre-defined intervals to the appropriate stakeholders on the status of compliance program.

- Respond appropriately to Business, Chief Risk Office - Investigations Team, if a violation or deviation is uncovered.

- Understand, establish, and monitor adherence to the Business Continuity Plan.

- Undertake and close the BCP testing activities in close coordination with the delivery SPOC/BCMS team.

- Proficiency in Stakeholder management and senior leadership communication/reporting

- Proficiency in Client engagement

- Establish value added analytics and initiatives within the function.

- Technically sound and proficient to identify and help remediate technical failures in coordination with internal stakeholders

- Self-driven with project management skills to lead internal projects and be the face for the function at an account / location level.

Qualification / Education Requirements; Competencies:

- B.E. / Science Graduate / Masters-Information Security

- Advanced knowledge of Information Security Management System

- Minimum relevant work experience of 2 - 12 years (L4-L7) in the Information Security domain

- Experience in implementing, facilitating audits for ISO 27001:2005; SOC1 Type-2 (SSAE), PCI

- Knowledge of SOC- ITGC, HIPAA, Data Privacy (DPA, GDPR)

- Exposure to BCM / DR; SOC 2 requirements and control implementation strategies

- Preferred: Certified: ISO 27001:2005, ISO-22301, PCI-DSS, IT/Network - Security +, CCNA, PMP

- Desired: CISA / CISM / CISSP

- Proficiency with MS-Excel/VB/PowerPoint

- Qualitative approach towards aligned delivery requirements