JD for Information Security and Compliance Specialist:

Responsibilities:
1. Utilize 3-5 years of direct experience in information security, specializing in risk and compliance management. Proficiently conduct audits and manage audit responses and observations.
2. Implement ISMS (Information Security Management System) standards and policies, and conduct access reviews to ensure regulatory compliance. Perform thorough risk assessments and remain updated on relevant regulatory requirements.
3. Demonstrate a proficient understanding of identity management standards, Business Continuity Planning (BCP), Disaster Recovery (DR), and Cloud Security.
4. Utilize GRC (Governance, Risk, and Compliance) tools and techniques to organize and execute risk and compliance projects. Conduct audits, compile evidence, and coordinate audit responses efficiently.
5. Manage risk and vulnerability assessments, along with compliance reviews, to ensure adherence to security standards.
6. Maintain and monitor a centralized repository for procedures and documents related to security and compliance.
7. Demonstrate proficiency in incident response and change management practices.
8. Collaborate with stakeholders to align IT General Controls (ITGC) objectives with organizational goals.
9. Support functional teams in achieving ongoing operational compliance.
10. Conduct Vulnerability Assessment and Penetration Testing (VAPT) assessments, drive remediation efforts, and ensure the closure of identified vulnerabilities.
11. Stay updated on regulatory changes impacting information security and ensure organizational compliance.
12. Conduct security awareness training sessions and effectively communicate security policies and best practices to all stakeholders.
13. Possess effective written and verbal communication skills to interact with cross-functional teams.
14. Demonstrate strong analytical and problem-solving abilities to effectively address security and compliance challenges.
Company name - Riskpro India Limited
Website - http://www.riskpro.in/
Experience - 5-10 years of experience in PCI DSS
Job location - Mumbai, Pune, Bangalore and Chennai

Roles & Responsibilities:
1. Work with internal and external stakeholders to assess the IT architecture, or proposed IT architecture solutions, to identify the risk areas with regard to PCI controls.
2. Assess the network architecture and review the firewall rulesets and network devices/appliances to see whether they are aligned with the PCI control requirements, and recommend compensating controls where necessary.
3. Execute operational activities to support audit and compliance activities, including technical validation processes.
4. Conduct PCI DSS scoping engagements, gap analyses and assessments related to securing the Cardholder Data Environment.
5. Effectively multi-task across multiple assignments and deliverables.
6. Actively accept individual and team responsibilities to meet commitments.
7. Take responsibility for own performance and actions, and demonstrate responsibility and teamwork towards overall team/department goals.
8. Discuss the SOP document with all relevant stakeholders, from the process owner to the BU functional heads.
9. Detailed understanding of SOC reports (SOC 2 Type 1 and Type 2) and ISMS reports, and the ability to relate IT General Controls, IT Application Controls and Cyber Controls to the SOC framework.
10. Develop and maintain the Vendor Risk Management / Third Party Risk Management program, including vendor onboarding audits, periodic vendor assessments and maintenance of the TPRM database.
11. Review and implement controls and policies as per RBI and other regulatory requirements.
12. Maintain the ISMS framework, evaluate the effectiveness of implemented controls and provide recommendations for improvement.
13. Facilitate client due diligence in collaboration with the business.
14. Develop and maintain the Enterprise Risk Assessment framework.
15. Perform internal assessments against various standards to ensure the established policies are being followed, and prepare internal reports.
Handle enterprise-wide risk management assignments end to end in the organization. Responsibilities include facilitating the identification of risks throughout the organization, developing reporting and monitoring formats for risk management issues, and developing methodologies for the assessment of risks throughout the organization.
Test internal controls and compliance environment controls independently.
Identify root causes and recommend a mitigation plan for audit/testing observations.
Strong in Risk Register and RCSA; experience in Operational Risk / Internal Control as well.
Conduct, monitor and review risk-based internal audits independently across all areas.
Good knowledge of various ERM frameworks, e.g. ISO 31000.
Collaborate with cross-functional teams to enhance internal control procedures, and assist in developing an enterprise risk management framework.
Support the CRO regarding all aspects of the enterprise-wide risk management program.
Having both industry and consultancy experience will be more beneficial.
A few reasons why Riskpro should be your choice. Firstly, Risk Management is our only focus; doing one thing every day makes us good at what we do. Secondly, our fees are very competitive and well below those of the larger consulting firms. We are able to use a dynamic pool of resources to ensure a cost-effective solution.