GURUGRAM · FULLTIME
Senior Manager
Nykaa
Gurugram · onsite · Posted 13d ago
Your match
Sign in to see your match score, skill gaps & tailored resume.
Section · 01
About this role
Role- Senior Manager Location- Gurgaon Model- Work from office (5 days)
Key Words - NIST, PCI-DSS, Security Awareness Training, ITGC Audit, InfoSec Risk Assessment, ISO 27001 implementation Location: Gurgaon Work Model: 5 days from office Experience: 6-9 Years Basic Qualification- Graduate in Technology Stream Job Description: Information Security GRC Manager We are seeking a highly skilled and detail-oriented
Information Security GRC (Governance, Risk, and Compliance) Manager to manage our security framework, ensuring our organization stays ahead of emerging threats while maintaining world-class compliance standards. In this role, you will be the bridge between technical security requirements and business objectives, fostering a culture of security through training, rigorous auditing, and strategic risk management. Key Responsibilities 1. Governance & Policy Management
- Security Policy Lifecycle: Lead the review and update of security policies to ensure alignment with emerging threats and risks. Work closely with technology and business stakeholders to ensure policies are practical and effective.
- Exception Management & Governance: Manage the end-to-end security policy exception process, ensuring risks are documented, signed off by stakeholders, and reviewed periodically. 2. Risk Management
- Enterprise Risk Assessment: Perform comprehensive Information Security Risk Assessments, identifying emerging threats, vulnerabilities and tracking the closure of identified gaps.
- Third-Party Risk Management (TPRM): Undertake security risk assessments for third-party vendors and partners to ensure they meet our internal security standards.
- Risk Mitigation: Ensure that all identified security risks are managed and tracked appropriately, with robust controls in place to mitigate potential impact. 3. Compliance & Auditing
- PCI-DSS Implementation: Oversee the implementation of PCI-DSS controls and coordinate with internal stakeholders and with the
Qualified Security Assessor (QSA) for
zero observations .
- ISO 27001:2022 Sustenance: Maintain the ISO 27001:2022 framework, driving continuous improvement and ensuring zero observations during surveillance and recertification audits.
- Internal & ITGC Audits: Perform internal security audits and coordinate
IT General Controls (ITGC) audits, managing the remediation of any findings to ensure a strong control environment.
- AI Security Governance (ISO 42001) - Conduct AI security governance reviews and recommend controls aligned with ISO 42001 to ensure framework compliance. 4. Security Awareness & Training
- Educational Programs: Design and deliver security awareness training for
New Joiners, Contractors , and annual
Refresher courses for all staff.
- Phishing Simulations: Execute regular phishing simulation programs. Analyze results and provide targeted training for employees who fail the simulations to improve the organization's human firewall. 5. Reporting & MIS
- Data-Driven Insights: Maintain and update accurate
Management Information Systems (MIS) . Provide regular reports to leadership on risk posture, training completion rates, audit findings, and remediation timelines. Qualifications & Requirements
- Experience: A minimum of
6 years of direct experience in Information Security Governance, Risk, and Compliance.
- Certifications: Must possess at least two (or more) of the following:
- CISA (Certified Information Systems Auditor)
- CISM (Certified Information Security Manager)
- CISSP (Certified Information Systems Security Professional)
- ISO 27001 Lead Auditor/Lead Implementer
- Certified in Risk and Information Systems Control (CRISC)
- Technical Knowledge: Deep understanding of ITGC, PCI-DSS, ISO 27001:2022, AI Governance, Unified Controls Framework, and NIST standards.
- Soft Skills: Exceptional stakeholder management skills and the ability to translate complex security risks into business terms.
Sourced from linkedin · view original
Let the agent run this one for you.
Tailored resume, auto-apply, and referral lookup — in under 2 minutes.
Section · 02