The Head of IT Compliance will lead the team of IT compliance managers across DOP, who act as a SPOC for business leadership, RMAC and client IT teams for all IT compliance needs. The key objective of this role is to drive compliance with all contractual obligations in the IT space for all DOP engagements across the globe. This leader will work very closely with the RMAC function to drive internal risk/gap assessment, IT compliance, audit preparation, etc., and with the larger IMG organization to close gaps/risks/observations and to handle sample/evidence fulfilment for various audits. The role is also responsible for setting up processes for sustainable compliance across the DOP organization. This role requires a self-starter with high energy levels and a go-getter attitude!
· Set up the IT Compliance function for the DOP organization
· Work closely with the RMAC team to implement and sustain the Integrated Risk Assessment Framework across the DOP organization for all critical sites
· Work with the larger IMG organization on governance and KPI adherence for Patch Management, Vulnerability Management, System Hardening, Endpoint Security, Application Security, etc.
· Identify, highlight and help to remediate key cyber risks in the DOP organization. Coordinate and lead all cyber security activities related to Application Security, Infrastructure Security and Vendor Security for DOP
· Interact with customer CIOs and CISOs to understand their security expectations and the emerging risks in their business. Lead InfoSec assessments for critical customer audits.
· Ensure timely SOC 1 and SOC 2 attestation (planning, execution and sustenance) of all critical sites across the globe with zero defects.
· Lead the PCI DSS audit engagements for critical projects and ensure timely delivery of the certificates without any major gaps
· Ensure that internal assessments are performed periodically for the critical sites so that they are in an audit-ready posture.
· Set up a process for InfoSec assessment of new acquisitions/transitions, acting as a toll gate to ensure that new ODC setups, corporate tools or applications are vetted against the InfoSec requirements
Desired Skills & Qualification
Experience and Education
· Graduate (Engineer preferred) with 14+ years of experience in the IT industry
· Proven experience in the field of Information Security and Cyber Risk Management, along with people management skills
· Excellent understanding of audits and certifications like ISAE, SOC 1, SOC 2, PCI DSS, etc.
· Customer-centric, passionate about clients’ success
· Expert in Cyber Security and IT audit processes
· Good business process & functional understanding
· Commercially savvy, good understanding of finance/budget
· Good written and oral communication, along with presentation skills
· Leveraging niche technology solutions for innovative problem solving
· Curious, always willing to learn
· Team player, good collaboration skills