- Information Security risk assessments help review system/application/vendor architecture and controls from a perspective of cyber security risks and help provide recommendations to mitigate the identified risks
- Manager Information Security GRC is responsible for maintaining a robust Risk Management framework by evaluating applications hosted on prem or cloud, systems and external vendors to help reduce the security risks from cyber threats by highlighting remediation measures and advising on implementing corrective controls
Responsibilities
- Lead risk management program, planning and implementing compliance and risk assessment activities
- This includes exception handling, Business Impact Assessment (BIA), and Business Continuity Planning (BCP)
- Security documentation governance - create, review, revise, and publish documents
- Foster and sustain a positive security culture through security awareness initiatives Support the development of the GRC framework and ensure its proper operation; define and formulate the necessary processes related to GRC
- Review risk exceptions per security processes, maintain risk register, and liaise with business units for tracking and closure
- Support emergency security response in the event of a company-wide security incident or discovery of a significant security risk
- Build, review, and sustain information security metrics program with periodic dashboards and reports to management
- Serve as subject matter expert on Nissan security policy, processes, standards and best practices
Competency Requirement
- Manager Information Security GRC should have extensive experience in the coordination of program
- Perform risk assessments on systems, applications, and vendors and track open findings with business units for remediation and closure
- Experienced in the development and implementation of information security policies, standards, and related procedures for security programs Experienced in cloud security assessments and defining security controls
- Ability to assess environments against a wide variety of security, privacy, and compliance frameworks - ISO27001, NIST CST, SOC2, CMMC, WP29/UN-R155
- Experienced in third-party risk assessment - program management, reviews, and closure
- Ability to handle end-user queries on information security matters independently
- Hands-on experience in security GRC workflow process automation tools like OneTrust, RSA Archer, etc
- Working knowledge of Cyber and Cloud Security risks and controls
- Security operations
- System security engineering
- Application Architecture reviews, SDLC, security tools and technologies
- CSA Cloud Controls Matrix
- Phishing simulation exercises
- GDPR, SOX, PCI-DSS, SOC2, ISO 27001, Indian Digital Protection Data Protection Act
- NIST Cybersecurity Framework
- GRC (governance, risk management, compliance) - ITGC
- Familiarity with automotive security standards like ISO/SAE 21434, UNECE WP.29 R155 CSMS
Experience
- 10 to 12 years experience in Cyber Security GRC with specific experience in systems risk and operational risk management
Desired Certifications & Skills
- CISSP, CISM or CISA
- Foundational certifications on cloud platforms
- Good understanding of GDPR and privacy regulations
Qualifications
