Education

BE/BTECH, MCA, MCS

Desired Profile

– Minimum 5 to 8 Years of experience in IT GRC and data privacy.

Roles and Responsibilities

– Risk Management and Compliance:
a. Conduct comprehensive IT risk assessments and vendor audits.
b. Develop and implement strategies for risk mitigation and compliance.
c. Stay updated with IT and data privacy regulations (DPDPA, GDPR, etc.)

– Data Privacy and Protection:
a. Develop, maintain, and enforce data privacy policies.
b. Ensure organizational adherence to data privacy laws.
c. Perform Data Protection Impact Assessments and manage risk remediation.

– Policy Development and Implementation:
a. Create and revise IT GRC policies and procedures.
b. Collaborate across departments for policy implementation.
c. Train and guide staff on compliance and data privacy practices.

– End User awareness:
a. Develop content/flyers for regular communication to employees.
b. Conduct quarterly InfoSec quiz.
c. Conduct online user awareness sessions on Information Security & Data privacy

– Stakeholder Communication:
a. Communicate IT GRC and data privacy standards to stakeholders.
b. Prepare compliance reports for management and regulatory entities.
c. Liaise with external auditors and regulatory bodies.

Make good, informed decisions around technical debt, 3rd party tools, and tradeoffs.