Director at Rainbow HR Consulting
DGM - IT Governance/Risk/Compliance (13-15 yrs)
Job Description :
- One of the large conglomerates in the Metal, Mining and Financial Services businesses is hiring a Governance, Risk & Compliance leader for its IT function.
- Under the direction of the Infrastructure head, the IT infrastructure GRC role is responsible for the assessment & execution of comprehensive IT governance, risk and compliance for the group's Infrastructure Managed Services & related entities such as suppliers, partners and telcos.
Further, the purpose of this job includes :
1) To assure that information created, acquired or maintained on the group's primary businesses' infrastructure & its authorized users is used in accordance with its intended purpose.
2) To review & identify gaps in the Group's information infrastructure & its infrastructure service delivery processes & setup with respect to external & internal threats.
3) To assure that group IT-related actions & any new initiatives are compliant with statutory and regulatory requirements.
4) To build control over third parties by developing the 3P risk management program to avoid breaches and incidents originating from them, and to ensure that risks are properly identified, assessed & managed.
Key result Area :
1. Development & deployment of Infrastructure Compliance Policy :
- Develop Group's information infrastructure policies, procedures and standards
- Work with Key IT infrastructure teams, data custodians and governance teams in the deployment of such policies in respective businesses
- Ensure group policies support compliance with external requirements such as regulatory and statutory compliance
- Disseminate group infra policies, standards & procedures to the user community as well as infrastructure services and setup at businesses.
2. Infrastructure Compliance Program Management :
- Design, develop, deploy and oversee an enterprise-wide Information Infrastructure Program consistent with applicable regulatory and compliance requirements
- Develop and communicate policies, procedures and standards of information technology systems, networks, applications, and voice and data communications that are consistent with current regulatory and Compliance requirements
- Develop business-relevant metrics to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation and increase the maturity of the program.
3. Compliance & enforcement of Managed Infrastructure Services Improvement :
- Co-ordinate deployment of the Service Delivery & related processes in all areas of Infrastructure operations and projects across the group
- Plan periodic data center, network and infrastructure application audits to explore vulnerabilities and threats, and ensure the gaps in all the above domains are filled in time
- Be fully accountable for implementation and audit of policies & procedures based on the ITIL, ISO 20000 and ISO 27001 frameworks
- Keep abreast of latest infrastructure technology and privacy legislation, regulations, advisories, alerts and vulnerabilities pertaining to group and its infrastructure
- Assign and track service improvement initiatives through defining roles and responsibilities and work with the respective service owners to define KPIs
4. Infrastructure Readiness for Business Continuity :
- Develop and assess an ongoing risk assessment program targeting risk assessment & potential business impact of a business disruption
- Design, development, and documentation of business unit continuity plan
- Develop and establish Disaster Recovery procedures for infrastructure operations & supporting services
- Track and measure the enterprise risk posture
- Review day-to-day management of IT service delivery operations
- Liaise between service delivery teams and internal/external audit teams & schedule and launch periodic audit reviews
5. Infrastructure Groupwide Large Project Risk Management :
- To review proposed projects to identify potential risks
- Classify and valuate enterprise data assets of the project
- Create dedicated governance and Compliance roles with segregation of duties as a fundamental factor
- Identify and deploy standard risk assessment models and frameworks for projects
- Create and communicate strategies for risk mitigation
6. Change Management :
- Periodically review the process for change management, and ensure that each change follows the complete procedure to ensure minimum disruption to IT services
- Chair the Change Advisory Board (CAB) and ensure that the CAB has all the required information to evaluate the changes
- Ensure that changes are logged, prioritized, categorized, assessed, authorized, planned, and scheduled, and are introduced in a controlled and coordinated manner.