We are seeking a highly skilled and experienced Information Security Governance, Risk & Compliance (GRC) professional to join our team as a senior individual contributor. The ideal candidate will bring extensive experience within BFSI environments and have strong technical understanding of information security frameworks, cybersecurity regulatory compliance, business continuity management, and data privacy obligations.
Requirements
- Develop, maintain, and enhance the Information Security Management System (ISMS) based on ISO 27001/27002 or equivalent standards.
- Conduct enterprise-wide information security risk assessments, risk treatment planning, and continuous control monitoring.
- Maintain policy frameworks, standards, guidelines, and procedures.
- Ensure timely closure of information security findings across the business.
- Manage compliance with industry regulations and BFSI-specific frameworks (e.g., PCI DSS, SOC 2, ISO 27017/18, ISO 27032, local data protection acts).
- Track and report security posture, cyber risk exposure, key metrics, and compliance maturity to leadership.
- Own and evolve Cellulant’s Business Continuity Management System (BCMS).
- Lead the development, review, and testing of BCPs, DR plans, and crisis management procedures.
- Conduct Business Impact Analyses (BIAs) and risk assessments across critical business functions.
- Coordinate and lead resilience exercises, tabletop simulations, and post-incident reviews.
- Support implementation of privacy-by-design and privacy-by-default controls.
- Monitor compliance with relevant data protection and privacy laws (e.g., GDPR, regional data protection regulations).
- Work closely with Legal & Compliance, Product, Engineering and HR teams to ensure personal data handling aligns with regulatory expectations and internal privacy policies.
- Conduct Data Protection Impact Assessments (DPIAs) and privacy risk assessments.
- Lead the end-to-end Third-Party Security Assessment process for new and existing vendors.
- Assess third-party controls using industry frameworks (e.g., ISO 27001, NIST CSF, SOC 2, PCI DSS).
- Review vendor security questionnaires, external audit reports, penetration test summaries, and data protection agreements.
- Evaluate cloud, SaaS, managed services, and critical suppliers for compliance with BFSI security and privacy requirements.
- Work with procurement/supply chain, legal, and business owners to ensure appropriate contractual security, data privacy/protection, business continuity clauses and risk mitigation measures are in place.
- Maintain and track third-party risks, findings, and remediation activities.
- Support periodic reassessments and ongoing monitoring for high-risk suppliers.
- Provide expert GRC advisory support to cross-functional teams including IT, engineering, operations, legal, compliance and product.
- Design and promote security and privacy awareness programs.
- Support third-party risk assessments and vendor due diligence activities.
- Act as an internal advocate for strong security, privacy, and resilience practices.
Benefits
- Generous personal time off
- Medical and life insurance benefits (markets permitting)