Governance, Risk, & Compliance (GRC) Manager - Bangalore

Bangalore, India | Information Security | Full-time
Cision employs the brightest, most passionate people in the tech industry. We’d love for you to join our growing team! We invest in our people through training and professional development while supporting you along the way—all so you can meet your career goals. To us, the most important measure of our success is yours.

ABOUT THE ROLE 
Working as part of the global information security office within the IT department at Cision, the GRC Manager will be responsible for managing the day-to-day IT compliance, data governance, and information security risk management functions. The role includes responsibility for managing the global customer-facing Security Assessment and RFP process as the InfoSec SME. The GRC Manager will also coordinate Cision’s internal and third-party audits and ensure proper remediation of findings.

The role involves managing IT and organisational policies and standards in support of customer, legal and regulatory compliance needs as well as general IT and organisational information security practices. The GRC Manager is expected to have a deep understanding of information security concepts and technology, supporting necessary compliance and contractual discussions with Information Security Experts.

Expectations

  • Manage Customer-facing RFP/Security Assessment process as InfoSec SME. 
  • Manage internal and external audit process for relevant compliance concerns. 
  • Perform business impact analysis and assist with development of InfoSec risk register. 
  • Collaborate to define IT security standards and develop supporting organizational policies. 
  • Perform security and compliance assessments on new and existing systems, processes, technology. 
  • Work with various business units to ensure controls are adequate, appropriate, and effective. 
  • Participate in disaster recovery and business continuity planning. 
  • Participate in Incident Management.
  • Interface with global IT and business partners to provide guidance and support. 
  • Perform periodic gap assessments to validate compliance on an ongoing basis. 
  • Stay up to date and informed on developing regulatory concerns and changing IT and information security trends. 
  • Support vendor due-diligence process and overall third-party risk management efforts. 

Requirements

  • Strong understanding of information security concepts and technology. 
  • Significant experience with legal and regulatory compliance standards such as SOC2, ISO 27001, PCI-DSS, SOX, GDPR, HIPAA, CCPA, etc. 
  • Familiarity with ISMS and security frameworks, particularly NIST Cybersecurity Framework. 
  • Practical technical information security background, e.g. development knowledge, is a plus.
  • Experience with IT GRC/RFP platforms (RFP.io, RSA Archer, MetricStream, etc.)  
  • Experience with IT governance, risk, and compliance management in a large global environment. 
  • Experience with reviewing and redlining security addenda to subcontractor and customer agreements. 
  • Excellent written and oral communication skills. 
  • Excellent people skills for customer-facing activities.
  • Strong work ethic with attention to detail. 
  • Ability to excel in a fast-paced and rapidly changing environment.

Education and experience

  • Master’s degree in related field.
  • 5-8 years of relevant proven experience 
  • ISACA or (ISC)2 Certification a plus. 

Example work

  • Complete Information Security RFPs.
  • Coordinate third party audits. 
  • Participate in Customer meetings concerning Information Security requests.
  • Management of inherent and residual information security risks using a risk register. Prepare heat maps and analytics of known security risks. 
  • Internal audit - Monitor compliance with the organization’s information security policies and procedures among employees, contractors, and other third parties. Refer problems to the appropriate department managers and/or administrators.

As a global leader in PR, marketing and social media management technology and intelligence, Cision helps brands and organizations to identify, connect and engage with customers and stakeholders to drive business results. PR Newswire, a network of over 1.1 billion influencers, in-depth monitoring, analytics and its Brandwatch and Falcon.io social media platforms headline a premier suite of solutions. Cision has offices in 24 countries throughout the Americas, EMEA and APAC. For more information about Cision's award-winning solutions, including its next-gen Cision Communications Cloud®, visit www.cision.com and follow @Cision on Twitter.
 
Cision is committed to fostering an inclusive environment where all employees can be their authentic selves and perform at their best. We believe diversity, equity, and inclusion is vital to driving our culture, sparking innovation and achieving long-term success. Cision is proud to have joined more than 600 companies in signing the CEO Action for Diversity & Inclusion™ pledge and named a “Top Diversity Employer” for 2021 by DiversityJobs.com.
 
Cision is proud to be an equal opportunity employer, seeking to create a welcoming and diverse environment. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender identity or expression, sexual orientation, national origin, genetics, disability, age, veteran status, or other protected statuses.
 
Please review our Global Candidate Data Privacy Statement to learn about Cision’s commitment to protecting personal data collected during the hiring process.