Northern Arc - Information Security Governance & Risk Engineer - Change Management
Bengaluru, Karnataka, India
Posted on Monday, July 17, 2023
- Review and update of the information asset register in accordance with RBI, UIDAI and ISO 27001:2013 requirements
- Review the classification levels of data, maintaining risk register and tracking.
- Create and Managing the KRI matrix and thresholds as per compliance, technology, policy and process
- Conduct Data privacy or PII reviews with intra department for PII protection for customers and employees
- Conduct policy and process risk assessment of vendors, while on boarding, evaluation and to monitor, and maintaining the same.
- Provide assistance in IT security product & services risk assessment during evaluation and procurement.
- Track the annual review, changes of all policies and procedures, draft and update/consolidate to policy documents as needed.
- Assist in preparing decks/updates for committee meetings and other management review decks.
- Review the reports and alerts and ensure to close with service groups
- Access Control Reviews for cloud, application and infrastructure.
- Comprehensive risk assessment and control testing to be carried out annually and sustenance.
- Assist in conducting the various simulations and campaigns for awareness and maintain measure the effectiveness
- Assist in Information security projects implementation
- Conduct access control, change management and other process level reviews
- Timely escalation to right stakeholder, if any deliverable is at risk.
- Working closely with IT and other business function of the organization for IS assessments and various risk review activities.