Government Risk & Compliance - Tech Lead

Job Description

Job Summary:
As a GRC Lead, you will play a vital role in maintaining and improving our information security and data privacy governance, risk, and compliance framework. You will work closely with various teams to ensure compliance with industry standards, particularly ISO 27001, data privacy, and assess the risks associated with our IT systems and processes.

Responsibilities:

Compliance Management:

• Assist in the development and maintenance of information security and data privacy policies, procedures, and standards.
• Conduct regular compliance assessments to ensure adherence to data privacy, ISO 27001, and other relevant regulations.
• Monitor and report on privacy and security compliance gaps, and work with teams to implement corrective actions.

Risk Assessment:

• Conduct risk assessments to identify potential privacy and security threats.
• Collaborate with IT and business units to develop and implement risk mitigation strategies.
• Continuously update and maintain the risk register.

Documentation and Reporting:

• Prepare comprehensive reports on the status of compliance and risk management activities.
• Maintain an accurate inventory of data privacy and information security policies and documentation.
• Provide clear and concise documentation of findings, assessments, and action plans.

Training and Awareness:

• Assist in educating employees and stakeholders on data privacy best practices and the importance of compliance.
• Stay up-to-date with industry trends, best practices, and emerging threats, and share this knowledge within the organization.

Qualifications:

• Bachelor's degree in Computer Science.
• 12-14 years of experience in a GRC role with a strong understanding of ISO 27001 and GDPR.
• Familiarity with other cybersecurity standards and data privacy regulations (e.g., NIST, DPDPA) is a plus.
• Strong analytical skills and the ability to assess and mitigate security risks.
• Excellent communication and documentation skills.

"At IndiGo, we believe in the innate strength of an energetic, diverse, and inclusive workforce, where the viewpoints and life experiences of our employees help us foster strong connections with all our customers.
Our diversity equity and inclusion efforts are designed to attract, nurture, and advance the lives of our employees and customers irrespective of their – but not limited to - gender, race, color, religion, caste, creed, ethnicity, origin, language, social and economic status, sexual orientation, differently-abled status, marital status, nationality, age, family status, and maternity status."