Risk Management SME

Full time at a Laimoon Verified Company in India
Posted on June 13, 2024

Job details

About the role:

As a 'Risk Management SME - Information Security & Privacy', you will be an individual contributor and hold primary responsibility for managing the information security and privacy risks for the organisation. You will:

· Understand the current setup, interview the respective stakeholders, and conduct audits to identify the critical assets and perform asset valuation.
· Identify viable threats & vulnerabilities, perform control analysis to determine the likelihood and impact.
· Strategize and define the appropriate risk mitigating controls/technologies in liaison with the process owner.
· Perform information security & privacy risk assessment using any one of the approaches like ISO/IEC 27005, NIST 800-39, COBIT or relevant methodologies.
· Identify the cascading risks and define the mitigation measures, involving relevant stakeholders.
· Perform information security, privacy, and cybersecurity risk assessment across the board, from projects to support functions.
· Quantify the risks as applicable, communicate the loss expectancy via relevant reports and dashboards, and support decision-making.
· Identify the Key Risk Indicators (KRIs) and cascade them to respective stakeholders for prompt actions.
· Coordinate with the risk owners, enable accountability, arrive at mitigation measures, and track the closure of treatment plans.
· Monitor the threat landscape, risks, and effectiveness of the mitigation measures implemented.
· Perform privacy impact assessment for applicable processing activities.
· Perform third party risk assessment prior to onboarding of services/tools as well as on an ongoing basis.
· Perform risk assessment pertaining to client contractual commitments.
· Drive initiatives to ensure compliance with client contracts.
· Take part in client, internal and external audits.

Required Experience, Skills & Competencies:

· 10 to 12 years of experience in GRC for Infosec/Privacy with focus in risk management for at least 4 years.
· Hands-on experience in any one of the risk management tools and approaches like COBIT, NIST 800-39, ISO/IEC 27005 or relevant methodologies.
· Capable of performing quantitative or semi-quantitative risk analysis.
· Exposure to ISO 27001 or privacy practices (ISO 27701) or laws (GDPR & HIPAA).
· Experience in working with any GRC tool.
· Good to have - Credentials like Certified Information Security Manager (CISM), Certified Privacy Manager (CIPM), Certified in Risk and Information Systems Control (CRISC) and exposure to any dashboarding tool like Tableau or PowerBI.
· Understanding of the legal and regulatory requirements/implications regarding information security and privacy.

PRB
