BISO (Senior manager)

It's fun to work in a company where people truly BELIEVE in what they are doing!

We're committed to bringing passion and customer focus to the business.

Business Information Security Officer
Gurgaon , India
 

Job Description

Role Overview

We are seeking a highly skilled and experienced Security GRC to join our dynamic team. The candidate will be responsible for designing, managing, and enhancing our cyber defense strategy, with a focus on risk and compliance.  

Key Responsibilities

Governance, Risk, Compliance (GRC) and Investigations: 

• Maintain a comprehensive GRC framework aligned with industry standards, regulatory requirements, and organisational objectives. 
• Provide strategic direction and oversight for all aspects of governance, risk management and compliance activities in Fractal. 
• Develop and implement policies and procedures to promote a culture of compliance across Fractal.
• Help business to cater security requirements from the client side related to new engagement and help to conduct risk assessments for existing business processes.

• Ensure that policies are effectively communicated, understood, and enforced.
• Conduct risk assessments to identify and prioritise risks across Fractal. Develop and implement risk mitigation strategies and controls to minimise exposure to potential threats and vulnerabilities.
• Conduct internal audits and assessments to evaluate the effectiveness of security controls. Collaborate to address findings and remediate any identified deficiencies.
• Manage external audits and compliance for certifications including ISO 27001, SOC2 type2 PCIDSS and cloud security related audits.
• Develop and deliver training programs and materials to educate employees on GRC policies, procedures, emerging threats, and best practices.
• Promote awareness of compliance requirements through regular communication and training initiatives 
• Develop and execute comprehensive data monitoring strategy and tool to detect anomalies, unusual patterns, suspicious activities,  
• Protect sensitive data and mitigate the risk of data loss or leakage.
• Lead efforts to implement fraud prevention measures, controls, and procedures to mitigate fraud risks and protect company assets.
• Oversee employee investigations ensuring compliance with legal and regulatory requirements. Collaborate with Legal, HR teams to address fraud and employee investigation matters.
• Evaluate security posture of vendors and third-party partners through due diligence assessments and establish a process for ongoing monitoring.
• Stay up to date and informed on developing regulatory concerns and changing IT and information security trends. 

Required Skills: 

• Proven experience in managing GRC and risk management roles with at least 10 years of relevant experience. 
• Strong knowledge on  
• applicable information security management, governance, and compliance principles, standards, practices, laws, rules, and regulations (ISO 27001, PCI DSS, NIST, GDPR, CCPA, IT Act, etc) 
• cyber and cloud security standard frameworks, architecture, design, operations, controls, technology, solutions, and service orchestration. 
• Information systems auditing, monitoring, controlling, and assessment process; 

• Risk assessment and management methodology.
• Detail-oriented, ability to consistently provide high-quality products that are concise, thorough and accurate. 
• Strong attention to detail with an analytical mind and outstanding problem-solving skills. 
• Excellent leadership, communication, and interpersonal skills with the ability to effectively engage and influence stakeholders at all levels of the organisation.

If you like wild growth and working with happy, enthusiastic over-achievers, you'll enjoy your career with us!