HCLTech | Deputy General Manager - Corporate Certification
Job details
Job Description

Qualifications
- Graduate/Master's degree in IT, Engineering, Risk Management, Business Management, or any other relevant field
- 13 years or more
- Industry recognized certifications (at least 3), such as ISO 27001, ISO 22301, ISO 27701, PCI-DSS, CISA, CRISC, CISSP, etc.
- In addition, ISO 42001, project management training or a PMP certificate would be preferred

Position Summary
This role will be responsible for leading and managing HCLTech's corporate-level Certifications and Attestations programs under the Risk & Compliance (R&C) function, a second line of defence corporate department for risk management. Currently, this comprises an industry-leading portfolio: the SOC 1, SOC 2 and SOC 3 Attestation Program, ISO standards (ISO 27001, ISO 22301, ISO 27701, ISO 42001), Cyber Essentials Plus and PCI-DSS, etc. The role will be responsible for managing and transforming the overall certification management program, leading an offshore team, acting as a subject matter advisor and driving risk transformation with diverse knowledge across various industry lines.

Key responsibilities
- Manage and drive independently HCLTech's Corporate Certifications and Attestations function/program under Risk & Compliance (R&C), a second line of defence corporate department for risk management: SOC 1 and SOC 2 Attestation Programs, ISO standards (ISO 27001, ISO 22301, ISO 27701, ISO 42001), Cyber Essentials Plus and PCI-DSS, etc.
- Develop strategic, tactical and operational roadmaps for the certifications.
- Manage the complete lifecycle of the various certifications to effectively maintain and keep in good standing the corporate-level certifications for HCLTech service delivery centres globally and for its other entities.
- Review the current state of the certification methodology and design, enhance or transform it to align with the strategic objectives of the enterprise as well as industry-leading practices.
- Design/review/maintain/transform the control environment that unifies the requirements of various management systems and industry standards, such as ISMS, PIMS and BCMS, and standards like NIST, ISO standards, ISAE 3402/SSAE 18, PCI DSS, CIS Critical Security Controls, OWASP and CSA Cloud Controls.
- Operate the certification program in a manner that identifies, assesses, mitigates and reports risks, to provide independent assurance to management and to the company's customers.
- Proactively identify industry developments in the relevant field and changes in existing standards, and adjust and adopt quickly to keep the firm ahead of the curve. Be aware of the latest information security trends. Be responsible for proactively knowing the latest threat landscape, to ensure that proactive actions are taken during assessments.
- Work with various stakeholders and set processes to identify the contractual requirements with regard to corporate-level certification and attestation requirements, to ensure compliance.
- Work with relevant stakeholders to manage compliance with the requirements through awareness and regular connects, and ensure they understand and adhere to the procedures necessary to maintain the requirements.
- Manage a 12+ team of program managers and assessors across the various certification and attestation programs, with end-to-end people manager responsibilities.
- Managerial responsibility as the end-to-end owner of planning, implementation, assessment, communications, reporting, stakeholder management and escalation management for the entire suite of the certification portfolio.
- Render periodic status reports on the certification programs. Partner/coordinate with risk leaders within R&C and other stakeholders to create executive-level risk reports, to be used by management for an executive and board-level view of the status, progress and performance of the program.
- Advise and drive control environment transformation with diverse knowledge covering various industries: financial, healthcare, life sciences, oil and gas, telecommunications, technology product lines, manufacturing, hospitality, real estate and the public sector, etc.
- Plan and drive independently mission-critical projects by partnering with senior leadership across the enterprise. Develop project or program key milestone deliverables and manage the end-to-end lifecycle of projects and initiatives, including the project plan, budget, kick-off presentation, ongoing progress status and reports.
- Manage program activities with key stakeholders (internal and external to R&C). Activities may include developing the project approach, drafting communications, scheduling meetings with leaders and their SPOCs, working with vendor partners, and following up on open action items.
- Deploy effective planning and governance practices to sense risks to the completion of projects and initiatives, and in a timely manner highlight, discuss, recommend mitigations and escalate to address them. Forecast dependencies/inter-dependencies in advance and cater for them in project planning to ensure no risk to the successful completion of certification cycles.
- Provide the risk perspective within a process at an enterprise and operational level. Develop risk mitigation and transformation strategies and draft executable tactical and operational plans, including for identifying, assessing and responding to risks and/or testing or monitoring control activities.
- Ability to apply a process-oriented approach to drive initiatives and problem solving, and ability to effectively articulate and liaise with senior personnel and leadership.
- Initiate/manage critical project reviews for mission-critical and high-impact change management implementations.

Desired experience and skills
- Should have led, or held a senior responsibility in, a certifications program for a large organization, and/or have a sound hands-on track record of consulting on, setting up and transforming a certification program and implementing a unified control environment cutting across a multitude of industry best standards.
- Extensive hands-on experience in managing relevant projects and initiatives.
- Proficiency in Risk Management, preferably with experience in the IT service outsourcing/product industry.
- Self-driven, with a blend of excellent managerial and subject matter expertise in information security, cyber security and QMS certification management.
- Well versed in the processes related to strategic, tactical and operational plans, business goals, and the concepts of risk management or any other relevant field.
- Project management training or a PMP certificate would be preferred.
- Good knowledge of corporate governance, including risk governance.
- Strong written and verbal communication skills, and technical skills in MS PowerPoint and MS Excel.
- Excellent with management reporting, reviews and data analytics.
- Must be willing/eligible to travel domestically and internationally as per business needs, and be open to coordinating across various time zones.