Governance, Risk and Compliance Lead (GRC Lead)
· Education: Bachelor’s Degree in IT or a related field. An advanced degree or relevant certifications (e.g., ISO 27001 LA, CEH, CISSP, CISM, CRISC) are a plus.
· Experience: Minimum 12+ years' experience in the same domain.
· Excellent communication and interpersonal skills.
· Ability to collaborate with technical and non-technical stakeholders.
· Up-to-date knowledge of emerging threats and security technologies.
· Should be open to working from the office as per the below shifts, three days a week.
· Five days a week (Mon to Fri).
· Work Location: Bangalore
Job Responsibilities
Short Description
Welcome to Dibber!!
Dibber is a global family-owned early childhood education group from the Nordics developing and running over 500 ECD centers and schools in 10 countries and growing strongly. Now it’s time to start our journey in India. We develop and manage world-class Early Childhood Development (ECD) centers. The purpose – to make all children experience and believe they are valuable – is what brings us to work every day. We create experiences for children and their parents or guardians which have a positive impact on their lives. We continuously develop pedagogy, curriculum and concepts designed with holistic child development at heart.
Dibber Pedagogy focuses on creating a learning environment for children to develop lifelong learning competencies built on attitudes, knowledge, and skills and to help them succeed in their future education, work, and life. Through every layer of the Dibber Childhood (our pedagogical framework), each child in our preschool goes on a magical learning journey.
Our Dibber Heart Culture provides a warm and inclusive atmosphere – for children and employees. We care about each other. We treat others with the kindness and respect we wish to receive. We create positive experiences, and we invest our hearts in what we do and in relationships with each other.
Are you passionate about people, a leader with a warm heart and a great communicator? Would you like to help us get a successful start in India and set the foundation for our future growth? Then this job is for you.
Job responsibilities:
- The position requires frequent interaction with employees, customers, technicians, analysts, and specialists to troubleshoot problems related to the use of single and/or multiple information systems.
- Work may include the creation, installation, and modification of solutions and documentation. Demonstrated ability to work independently and complete assigned project responsibilities under limited supervision.
Key Responsibilities:
Information Security Strategy:
· Develop and implement an organization-wide information security strategy, policies, and procedures.
· Align security initiatives with business objectives and regulatory requirements.
· Provide strategic direction to ensure the effectiveness of the information security program.
· Strong knowledge of ISO 27001 implementation and continuous audit procedures.
Risk Management:
· Identify, assess, and prioritize information security risks.
· Manage Risk Register.
· Implement risk mitigation strategies and controls.
· Regularly review and update risk assessments to adapt to evolving threats.
Security Awareness and Training:
· Develop and deliver information security awareness programs.
· Conduct regular training sessions for employees on security best practices.
· Foster a culture of security awareness throughout the organization.
· Periodically communicate and present the latest threats and their control measures to the organization.
Security Architecture and Design:
· Design and implement security architecture for systems, networks, email, and applications.
· Ensure that security measures are integrated into the development lifecycle.
· Review and approve system designs to ensure adherence to security standards.
· Perform periodic internal vulnerability assessments.
· Present the external VAPT gaps to the stakeholders and work closely with respective teams to mitigate them.
Incident Response and Investigation:
· Develop and maintain an incident response plan.
· Lead and coordinate response efforts during security incidents.
· Conduct post-incident investigations and implement improvements based on lessons learned.
Security Monitoring and Compliance:
· Implement and manage security monitoring tools.
· Monitor security alerts and incidents; respond to and investigate as necessary.
· Ensure compliance with relevant laws, regulations, and industry standards.
· Publish monthly security posture trends to the management.
Vendor and Third-Party Risk Management:
· Assess and manage security risks associated with third-party vendors.
· Review and approve security controls for external partners.
· Conduct regular security assessments of third-party services.
Security Governance:
· Chair or participate in the Information Security Steering Committee.
· Provide regular reports on the state of information security to executive leadership.
· Collaborate with other departments to ensure a holistic approach to security.
Bengaluru, KA, IN, 560029