jobseeker Logo
Now Apply on the Go!
Download iimjobs Jobseeker App and get a seamless experience for your job-hunting
04/06 Ashwini Nabar
Senior Recruiter at ZS Associates India

Views:169 Applications:30 Rec. Actions:Recruiter Actions:28

ZS Associates - Specialist - Risk Management & Audit (7-10 yrs) Premium

Pune Job Code: 933670

ZS is a professional services firm that works side by side with companies to help develop and deliver products that drive customer value and company results. From R&D to portfolio strategy, customer insights, marketing and sales strategy, operations and technology, we leverage our deep industry expertise and leading-edge analytics to create solutions that work in the real world. Our most valuable asset is our people- a fact that's reflected in our values-driven organization in which new perspectives are integral and new ideas are celebrated. ZSers are passionately committed to helping companies and their customers thrive in industries ranging from healthcare and life sciences, to high-tech, financial services, travel and transportation, and beyond.

ZS's India Capability & Expertise Center (CEC) houses more than 60% of ZS people across three offices in New Delhi, Pune and Bengaluru. Our teams work with colleagues across North America, Europe and East Asia to create and deliver real world solutions to the clients who drive our business. The CEC maintains standards of analytical, operational and technological excellence across our capability groups. Together, our collective knowledge enables each ZS team to deliver superior results to our clients.

ZS IT Support teams are aligned with the company's business strategy and operating model and aims to provide its 4000 plus employees and their clients the right tools and information for high performance. The IT organization focuses on providing products and services to ZS to ensure successful business outcomes. This involves providing a scalable, sustainable and reliable IT infrastructure, customized applications, messaging and collaboration products, Business Intelligence and Database administration support along with a reliable 24- 7 uninterrupted high-quality technology support services.

Specialist - Risk Management and Audit

We are currently seeking applicants for the position of Specialist - Risk Management and Audit to join our India IT Governance, Risk and Compliance team. The position will support various management directed, IT risk governance initiatives which include following job requirements:

- Ensure risk and control activities are completed in a timely and appropriate manner

- Act as SME supporting functional managers in understanding and applying responsibilities towards risk and compliance providing recommendations as appropriate

- Lead any Security Framework Implementation (Like ISO 27001, NIST, etc.)

- Provide first line of defense support in assessing risk and reviewing control issues

- Documentation of control procedures, standards and guidelines, etc.

- Report control issues and follow up on non-compliances with Functional leadership to mitigate and close the issues

- Co-ordinate and Track the tickets / findings in areas below to closure

- IT Operational Risks and Information Security Risks

- Control Self assessments

- Internal/External Audit findings with appropriate CAPA

- BCP / Disaster recovery

- Problem tickets with root cause analysis

- Audit event co-ordination, Audit liaison and issue closure oversight (SOC 2 Type 2, ISO 27001, etc.)

- Lead pre-audit preparation activities with stakeholders (SOC 2 Type 2, ISO 27001, etc.)

- Control conformance monitoring

- Identification and application of required governance for risk and control issues using appropriate toolsets

- Generate regular reports for Senior Management

- Ensure that Risk and Compliance activities associated are regularly reviewed to drive continuous improvement: providing Subject advice, making recommendations and interventions as appropriate

Responsibilities:

- Asist in prioritizing and planning risk management activities

- Working with Risk Lead to review, prioritize and assign identified control gaps

- Support Risk Owners and Tech teams in documenting control procedures, guidelines, etc.

- Audit / Regulator engagement & issue management (SOC 2 Type 2, ISO 27001, etc.)

- Technology Infrastructure Specific Risk/Compliance Metrics reporting

- Control Execution / Control remediation oversight and escalation

- Risk acceptance / Deviation review

- Ensure risk and control activities are completed in a timely and appropriate manner applying the correct governance route

- Act as SME supporting functional units in understanding and applying responsibilities towards risk and compliance providing recommendations as appropriate.

- Retain oversight of all active governance activity across all relevant key risks under Technology Infrastructure Operations. Create / review/ continuous update of the risk library

- Report and publish control issues and active non-compliances to senior leadership inclusive of providing content for Senior Leadership risk and control review forums/Committees.

- Ensure all governance attestations and sign-off from Senior leadership are completed including the conduct risk measures

- Champion and lead a culture of customer service and continuous improvement ensuring that opportunities for process and service Improvements Monitor performance and identify areas for improvement Actively look for ways of smoothing peaks and troughs and reducing time scales.

Qualifications:

- Atleast 7-10 Years of experience in Information Security Area

- Good Risk / Control / Compliance and Information Security skills

- Knowledge and Experience of Technology Infrastructure. Understanding of Infrastructure Security

- Working knowledge of group risk frameworks, policies and standards

- Stakeholder management

- Advanced Communication skills (Speaking/ Writing/Listening)

- CISSP / CISM / CISA/ CRISC certification preferred

- Proficient in MS Office productivity suite (e.g. Word, Excel, PowerPoint, SharePoint). Advanced Excel skills strongly preferred

- Basic working knowledge of following (Majority of the points, if not all):

- COBIT - Control Objectives for Information and Related Technology

- ISO/IEC 27001:2013 - Code of Practice for Information Security Management

- NIST SP 800-53

- NIST CSF

- SOC1/SOC2/SOC3

- HIPAA/HITECH Security and Privacy Audit Protocol

- Shared Assessments Standard Information Gathering (SIG) framework

- US SOx - Sarbanes Oxley Act

- US HIPAA/HITECH Act

- EU GDPR - General Data Protection Regulation

- US EU Privacy Shield

- India Companies Act

Women-friendly workplace:

Maternity and Paternity Benefits

Add a note
Something suspicious? Report this job posting.