irm in bengaluru / bangalore

randstad india
bengaluru / bangalore
Oil, Gas, Power & Energy

job description

General Position Definition

The IRM (Information Risk Management) role is to ensure that  addresses information risks in an effective and efficient manner, commensurate with risk appetite. The information risk posture of  spans a wide variety of potential business impacts (financial, operational, health, safety and reputational loss) with a potential impact of $1bln+.


The IRM organization consists of a central team (the Strategy, Learning, Risk and Transformation teams) and the IT Operations Organisation (ITSO), which consists of the Detect and Respond teams. It also includes business-specific teams aligned with the different lines of business. The IRM function aligns with  Group CIO.

Within IRM, Risk and Control (R&C) is an advisory and assurance function. As the second line of defence (LOD2), R&C advises businesses on security risk requirements, processes, policies and solutions, and assures that the identified risks are mitigated appropriately.


Position description - Purpose

The purpose of this position is to:

  • Provide risk advisory on IT projects.
  • Define security policies, processes and guidelines related to new technologies, solutions, standards and regulations, and advise on implementation requirements.
  • Review and provide assurance on risk identification and mitigations.
  • Improve and contribute to risk and control requirements and the associated policies and guidance.
  • Provide guidance and training in risk management processes to various stakeholders (Business, operations/LoD1, PMs etc.).



Position description - Accountabilities

  • As a trusted advisor, provide SME support on various risk topics.
  • Understand the technology landscape (application and infrastructure) and proactively review  information security and related threats and vulnerabilities, as well as legal and regulatory requirements.
  • Review and advise on the information security risks of vendor offerings, whether new or leveraging existing (SaaS/PaaS/IaaS) services, including integration with the  environment.
  • Translate technical, legal and regulatory compliance obligations into a cohesive collection of security controls. Provide the respective stakeholders with the IRM requirements and their implementation methodologies.
  • Work with the Security and Compliance team, Project Managers, Business Analysts, Architecture and Support teams to ensure IRM standards are being followed.
  • Review and assure that all the controls outlined for an application or infrastructure are designed effectively.
  • Review VA/PT (vulnerability assessment / penetration testing) results and recommend the risks to be remediated.
  • Drive education and awareness of information security issues and risks among Business and Business IT teams.
  • Support the development of tooling for IRM processes and ensure it is fit for purpose.
  • Actively participate in reviewing and improving the information security controls implemented in the organization.
  • Actively participate in assurance- and architecture-level discussions in engagements.
  • Actively participate in IRM team and community meetings, representing IRM and Business interests in applying and setting standards and policies for the Group and the businesses, leading to a fit-for-purpose, evergreen IRM framework.




Position description - Dimensions

  • Individual contributor, part of the Global IRM team, providing risk and control advisory and assurance.
  • As sub-lead, support the team in risk advisory and drive performance.
  • Works closely with LOD1 teams on risk assessment advisory and assurance.
  • SME supporting Project Delivery staff, Business and Business IT teams.
  • Support risk assurance and audits as the risk SME.




Position description - Special Challenges

  • Communication and stakeholder management skills are essential for this role: being able to cut through complex IT issues and explain them in plain business language.

Experience and Qualifications required

  • A minimum of 9+ years in IRM or security functions, aligned with control framework best practices and risk management.
  • Good understanding of, and experience with, Information Risk Management, IT Security and Compliance, Security Controls and Audit.
  • Advanced understanding of internal and external IT security standards (SOX, PCI, SOC 1/2, ISO 27001) and the relevant legal compliance aspects.
  • Robust understanding of, and solid experience with, the impact of security on application development and operations as well as on the IT infrastructure.
  • Ability to promote high-performance teams, working with inclusiveness and cultural diversity across organizational boundaries.
  • Good understanding of cloud security requirements and third-party control assurance.
  • Ability to interface with different groups (third parties, Business and IT), internal and external to IT (security), and to network globally across Group businesses as well as with external groups.
  • Technical knowledge and relevant experience in security domains and technologies related to:
    • Infrastructure/Network security
    • Identity and Access Management
    • Business Impact Assessment
    • Application security
    • End-Point Protection / Data Leakage Prevention
    • Web filtering technologies, proxies and firewalls
    • Vulnerability Assessment / Penetration Testing
    • Cloud security
    • Knowledge of data security standards and privacy principles
    • Driving platform/application security and compliance
    • Ability to foresee risks and identify mitigation strategies for them
  • A qualification in CISSP, CISA, CRISC or CISM.

The candidate must also:

  • Display excellent communicating and influencing skills.
  • Display analytical and problem-solving skills.
  • Be pro-active and self-motivated.
  • Display strong interpersonal and negotiating skills with all levels of staff.
  • Display the ability and eagerness to quickly learn new technologies.

Must have previous experience in an (Information) Risk and Control Advisory role.