
Deputy Manager - IT GRC (Governance, Risk, and Compliance)
Engie India
The Role
Overview
Ensure IT landscape is secure, compliant, and aligned with business goals.
Key Responsibilities
- risk analysis
- risk management
- internal audits
- compliance assessment
- policy development
- data analysis
Tasks
The Deputy Manager - IT GRC (Governance, Risk, and Compliance) role at ENGIE India is crucial in ensuring the organization's Digital & IT landscape is secure, compliant, and aligned with business objectives. This role involves developing, implementing, and managing IT GRC, risk management, and ensuring compliance with regulations and internal controls. This is an individual contributor role based in Pune, India, with occasional onsite travel to support Digital & IT audits.
- Risk Analysis: Conduct formal risk analysis to identify potential vulnerabilities.
- Conflict Resolution: Resolve conflicts that arise during the implementation of GRC initiatives.
- Implementing INCOME framework for D&IT function
- Continuous Improvement: Promote a culture of continuous improvement in GRC practices.
- Implement and Manage - Risk management processes.
- Documentation and Communication: Maintain strong documentation and communication skills. Ensure clear communication with stakeholders and effective conflict resolution.
- Training and Awareness: Promote awareness of GRC policies and practices within the organization through training sessions and resources.
- Data Analysis: Analyze data to identify trends, assess risks, and make informed decisions.
- Continuous Improvement: Use audit insights to drive continuous improvement in GRC practices.
- Addressing Audit Findings: Develop and implement action plans to resolve audit findings and prevent recurrence.
- Decision-Making: Make informed decisions based on risk and compliance analysis.
- Internal Audits: Conduct internal audits to assess the effectiveness of IT GRC controls and processes.
- Monitoring and Reporting: Establish effective monitoring mechanisms and regularly report on risk status to management.
- Ensuring adherence to regulations and standards.
- Training and Awareness: Promote awareness of compliance requirements within the organization.
- Stakeholder Communication: Ensure stakeholders are informed about the progress and impact of GRC activities.
- Compliance Assessment: Conduct regular compliance assessments and develop comprehensive compliance policies.
- Problem-Solving: Develop and implement effective solutions to mitigate risks.
- Cross-Departmental Collaboration: Collaborate with various departments to ensure effective implementation of GRC initiatives.
- Adhering to Regulations: Ensure compliance with all relevant IT regulations and standards.
- Regular Reporting: Provide regular reports on IT GRC activities to management and the board.
- Implementing Initiatives: Coordinate with various departments to ensure smooth execution and monitor progress.
- Lead the Digital & IT Internal Control and Compliance
- Risk Management: Manage and track all technology-related risks for timely closure. Oversee formal risk analysis and self-assessment programs for various systems and processes.
- Implementing Best Practices: Promote the adoption of industry best practices within the organization.
- Clear Communication: Ensure GRC-related information is communicated clearly and consistently.
- Policy Development: Develop and maintain comprehensive IT GRC policies.
- Continuous Improvement: Foster a culture of continuous improvement within the IT GRC team.
- Maintain Digital & IT internal control requirements
- Stakeholder Engagement: Engage with key stakeholders, including management and department heads, to ensure IT GRC strategies are well-supported and integrated.
- Developing Mitigation Strategies: Implement controls and safeguards to reduce the likelihood and impact of risks.
- Implementing comprehensive IT GRC strategies.
- Audit Preparation and Management: Prepare processes, teams, and documents for internal and external audits. Track and remediate audit observations with corrective and preventive actions.
- Internal and External Audits: Conduct regular internal audits and manage relationships with external auditors and regulatory bodies.
- Audit Preparation: Lead the preparation for audits to ensure a smooth process.
- Collaboration with Departments: Work closely with various departments to ensure effective implementation of risk management strategies.
- Managing External Audits: Ensure the organization is well-prepared for external audits and address any findings promptly.
- Emerging Technologies: Stay updated on emerging technologies and their impact on IT GRC practices.
- Compliance: Ensure compliance with privilege access management processes and relevant IT regulations and standards, such as ISO 27001 and NIST CSF.
- Conducting Risk Assessments: Oversee comprehensive risk assessments to identify potential risks.
Requirements
- ISO 31000
- ISO 27001
- CRISC
- IT GRC
- 5-8 years
- cybersecurity
What You Bring
- Analytical and Problem-Solving
- Risk Management Frameworks: Familiarity with frameworks such as ISO 31000 and NIST RMF.
- Industry Standards: Familiarity with industry standards like ISO 27001 and NIST CSF.
- Location: Pune, India, with intermittent travel to sites.
- Technical Certifications: Relevant certifications such as CRISC are valuable.
- Understanding IT Systems: Strong understanding of IT systems, including Cloud services, IT-OT convergence, hardware, software, networks, and data management practices.
- Regulatory Requirements: Deep knowledge of relevant regulatory requirements, such as CEA guidelines, Internal Controls (ITGC), IT Act, Indian and global Energy sector compliance, GDPR, HIPAA, and SOX.
- 5-8 years in IT GRC, preferably in the Energy sector.
- Strong background in Information Technology, Cybersecurity, or a related discipline.
- Physical Activity: Extended periods of concentration, technical hands-on work, and physical activity during site visits.
- Compliance Knowledge
- Knowledge of frameworks like ISO 27001, NIST, GDPR, and HIPAA.
- Practical Application: Applying GRC principles in energy sector
- Security Principles: Deep understanding of security principles, including encryption and access control.
- Hands-On Experience: Identifying, assessing, and mitigating risks.
The Company
About Engie India
- Major projects include a 140 MW site in Bhadla and a 75 MW plant in Mirzapur inaugurated with Indian and French leadership.
- Specialisms include utility‑scale solar, wind farms, hybrid renewables with storage, energy procurement and risk‑management services.
- Unusual facts: it integrates robotic cleaning systems in solar plants, trains local technicians and sources most of its workforce locally.
- It leverages group expertise via engineering (Tractebel), sustainable cooling (Tabreed JV), and its GEMS platform for decarbonisation.
Sector Specialisms
Energy
Renewable Energy
Solar
Wind
Battery Storage
Hybrid Renewables
Supply & Energy Management
Industrial
Commercial Real Estate
Manufacturing
Engineering and Consulting Services
Infrastructure
Water Resources
