Nissan is a pioneer in Innovation and Technology. With a focus on Mobility, Operational Excellence, Value to our Customers, and Electrification of vehicles, you can expect to be part of a very exciting journey here at Nissan. Nissan is going after a massive Digital Transformation backed by leading technologies across the organization globally. We are committed to building a diverse, entrepreneurial organization, and our current team is strong evidence of that. Our people are what drive the business forward. At Nissan Digital, you will be part of a dynamic team with ample opportunities to grow and make a difference.
Position Description
Information Security risk assessments help review system/application/vendor architecture and controls from a perspective of cyber security risks and help provide recommendations to mitigate the identified risks. Manager Information Security GRC is responsible for maintaining a robust Risk Management framework by evaluating applications hosted on prem or cloud, systems and external vendors to help reduce the security risks from cyber threats by highlighting remediation measures and advising on implementing corrective controls.
Responsibilities
Lead risk management program, planning and implementing compliance and risk assessment activities. This includes exception handling, Business Impact Assessment (BIA), and Business Continuity Planning (BCP). Security documentation governance - create, review, revise, and publish documents. Foster and sustain a positive security culture through security awareness initiatives Support the development of the GRC framework and ensure its proper operation; define and formulate the necessary processes related to GRC. Review risk exceptions per security processes, maintain risk register, and liaise with business units for tracking and closure. Support emergency security response in the event of a company-wide security incident or discovery of a significant security risk. Build, review, and sustain information security metrics program with periodic dashboards and reports to management. Serve as subject matter expert on Nissan security policy, processes, standards and best practices.
Competency Requirement
Manager Information Security GRC should have extensive experience in the coordination of program.
Perform risk assessments on systems, applications, and vendors and track open findings with business units for remediation and closure. Experienced in the development and implementation of information security policies, standards, and related procedures for security programs Experienced in cloud security assessments and defining security controls. Ability to assess environments against a wide variety of security, privacy, and compliance frameworks - ISO27001, NIST CST, SOC2, CMMC, WP29/UN-R155 Experienced in third-party risk assessment - program management, reviews, and closure Ability to handle end-user queries on information security matters independently Hands-on experience in security GRC workflow process automation tools like OneTrust, RSA Archer, etc Working knowledge of
Cyber and Cloud Security risks and controls
Security operations
System security engineering
Application Architecture reviews, SDLC, security tools and technologies
CSA Cloud Controls Matrix
Phishing simulation exercises
GDPR, SOX, PCI-DSS, SOC2, ISO 27001, Indian Digital Protection Data Protection Act
NIST Cybersecurity Framework
GRC (governance, risk management, compliance) - ITGC
Familiarity with automotive security standards like ISO/SAE 21434, UNECE WP.29 R155 CSMS
Experience
10 to 12 years experience in Cyber Security GRC with specific experience in systems risk and operational risk management
Desired Certifications & Skills
- CISSP, CISM or CISA
- Foundational certifications on cloud platforms
- Good understanding of GDPR and privacy regulations
Qualifications
Trivandrum Kerala India