Role Purpose
The purpose of the role is to analyse security requirements and design security solutions towards
protecting organization's security assets.
Do
Want more jobs like this?
Get jobs in Mumbai, India delivered to your inbox every week.
Stakeholder Interaction
Stakeholder Type
Stakeholder Identification
Purpose of Interaction
Internal
CRS practice team
Reporting and updates
IT team
To understand IT systems and audit
Internal Legal Team
For discussing legal Practices
External
Customer
Data analysis and reporting
Display
Lists the competencies required to perform this role effectively:
- Functional Competencies/ Skill
- Domain/Industry Knowledge - Awareness and knowledge of Corporate IT Security ~ Contractual IT Governance & Compliance ~ Data Protection ~ Privacy ~ IT General Controls ~ Internal & External IT - Expert
- Leveraging Technology - In-depth knowledge of and mastery over ecosystem technology that commands expert authority respect - Master
- Technical knowledge - Complete understanding of risk and compliance audits((ISO27001, SOX, HIPAA, GLBA, PCI DSS, SSAE16 etc.) - Expert
Competency Levels
Foundation
Knowledgeable about the competency requirements. Demonstrates (in parts) frequently with minimal support and guidance.
Competent
Consistently demonstrates the full range of the competency without guidance. Extends the competency to difficult and unknown situations as well.
Expert
Applies the competency in all situations and is serves as a guide to others as well.
Master
Coaches others and builds organizational capability in the competency area. Serves as a key resource for that competency and is recognised within the entire organization.
- Behavioural Competencies
- Strategic perspective
- Technology Acumen
- Communication and Presentation Skills
- Problem Solving approach
- Managing Complexity
- Client centricity
Deliver
No.
Performance Parameter
Measure
1.
Adherence to established risk and compliance framework
% deviation from audit, release audit scores, closure on audit points, cyber health of the organization, audit timelines
2.
Disaster recovery
Number of risks identified and mitigated, Timely communication to the client
GRC Process