IT Governance Professional

• Provide guidance and support for IT GRC processes, ensuring adherence to applicable information security management, governance, and compliance standards.
• Conduct independent risk assessments and audits in line with ISO standards and other regulatory frameworks.
• Assist in the management and implementation of vendor risk, user access, and environmental/social governance solutions.
• Work across various industries, including banking, small finance companies, insurance, and mobile tower sectors, to ensure effective and timely resolution of issues.

Key Responsibilities

Governance, Risk, and Compliance (GRC)

• Knowledge of applicable Information Security Management, Governance, and Compliance principles, practices, laws, rules, and regulations.
• Conduct risk assessments and implement risk management methodologies to identify and mitigate potential issues.
• Audit and assess IT general controls in alignment with internal policies and regulatory requirements.
• Stay updated on the latest Information Security regulatory requirements and provide insights to stakeholders.

Audit & Compliance Management

• Perform independent assessments and audits based on ISO standards.
• Conduct comprehensive audits in areas such as IT General Controls, User Access Management, and Vendor Risk Management.
• Document audit findings and work with internal teams to ensure compliance with relevant regulatory bodies.
• Develop and execute audit plans for various departments, ensuring effective governance and compliance.

Project & Stakeholder Management

• Lead the development of Business Requirements Documents (BRDs), technical customization, gap analysis, and functional specifications for projects.
• Coordinate end-to-end projects for banks, small finance companies, and other financial institutions, ensuring timely and high-quality delivery.
• Provide strategic advisory to resolve functional and development issues efficiently and effectively.
• Ensure projects meet the highest standards of quality by collaborating with cross-functional teams.

Vendor Risk Management & User Access

• Manage and monitor vendor risk management processes, ensuring that third-party vendors comply with relevant regulatory and security requirements.
• Oversee user access management processes to ensure that sensitive information and resources are accessed in compliance with security policies.

Service Operations & People Management

• Define service-level agreements (SLAs) and manage contracts, ensuring optimal resource utilization and smooth operational delivery.
• Coordinate with business partners and key stakeholders to ensure effective service delivery and problem resolution.
• Foster healthy employee relations, resolving grievances and ensuring a positive work environment.
• Liaise with administration and accounts departments to obtain necessary sanctions, approvals, and clearances for operational activities.

Key Skills & Competencies

• Risk, Governance & Compliance

  : Strong understanding of IT risk management, governance frameworks, and compliance standards.

• Regulatory Audit

  : Proficient in conducting audits and assessments in line with regulatory requirements and industry standards (ISO, GDPR, etc.).

• Information Security

  : Awareness of regulatory requirements related to information security and data protection.

• Communication

  : Excellent soft skills, with the ability to communicate effectively with internal stakeholders and external vendors.

• Team Collaboration

  : Proven ability to work effectively in a team environment, contributing to problem-solving and achieving organizational goals.

• Project Management

  : Expertise in managing end-to-end projects, from requirements gathering to delivery, ensuring quality and timely execution.

• Vendor & User Access Management

  : Experience with vendor risk management and user access control processes to ensure regulatory compliance.

Qualifications & Experience

• Educational Background

  : Degree in Information Technology, Computer Science, Business Administration, or related field.

• Professional Experience

  : Previous experience in IT GRC, audit management systems, vendor risk management, and user access management.

• Industry Experience

  : Experience working across internal audit departments in banks, small finance companies, insurance, or telecommunications (e.g., mobile towers).

• Certifications

  : Relevant certifications such as ISO 27001, CISSP, CISM, or similar would be a plus.