Risk Compliance & Governance Lead

Role Purpose

The purpose of the role is to lead and manage securityrequirements and recommend specific improvement measures that helpsmaintain the Security posture of organisation

Do

Lead Risk and Compliance to protect sensitive information

Drive Risk Management, Regulatory and Contractual compliance

Diagnose the level of preparedness of the customer for cybersecurity and health and accordingly propose a solution to the client

Build appropriate risk governance with client partners andinternal stakeholders and ensure customer policies and SOWrequirements are in line with the deliverables

Govern design and rollout of Common Compliance frameworks

Ensure policies, processes and standards are in place toidentify, assess, measure, manage and report risks

Manage the security requirements including regulatoryrequirements as per the customer demands

Monitor risk controls like access controls, backup, recovery,network security etc as per the client needs

Act as point of contact for escalations on the risk managementframework and provide guidance / decisions as appropriate

Act as the Subject Matter expert (SME) on risk for team anddrive actions required to ensure the businesses remain fully compliant

Responsible for building, developing & maintaining effectiverelationships with Key stakeholders in Client Organisations, especiallyrelated to their Risk functions

Ensure all required controls are implemented, documented andmonitored so as to ensure full audit compliance

Coordinate with IT team members to ensure IT audit findings areaddressed in a timely manner

Monitor overall cyber health of the customer and suggestcorrective measures to cyber security issues and provide timely support

Team Management

Team Management

Clearly define the expectations for the team

Assign goals for the team, conduct timely performance reviews andprovide constructive feedback to own direct reports

• Guide the team members in acquiring relevant knowledge and developtheir professional competence

Educate and build awareness in the team in Wipro guidelines onrevenue recognition, pricing strategy, contract terms and RevenueAssurance Manual

Ensure that the Performance Nxt is followed for the entire team

Employee Satisfaction and Engagement

Lead and drive engagement initiatives for the team

Track team satisfaction scores and identify initiatives to buildengagement within the team

Stakeholder Interaction

Stakeholder Type

Stakeholder Identification

Purpose of Interaction

Internal

CRS practice team and delivery leadership

Reporting, governance and thought leadership

IT team

To understand IT systems and audit

Internal Legal Team

For discussing legal Practices

External

Customer

For risk assessment

Display

Lists the competencies required to perform this role effectively:

• Functional Competencies/ Skill
  • Domain/Industry Knowledge - Awareness and knowledge ofCorporate IT Security ~ Contractual IT Governance & Compliance ~Data Protection ~ Privacy ~ IT General Controls ~ Internal &External IT Audits ~ Vendor Information Security Assessments ~ ThirdParty IT Security Assessment Programmes & IT Risk Reviews ~ ITConsulting ~ Client Relationship Management ~ Network Solutioning- Expert
  • Leveraging Technology - In-depth knowledge of and mastery overecosystem technology that commands expert authority respect - Master
  • Technical knowledge - Complete understanding of risk andcompliance audits((ISO27001, SOX, HIPAA, GLBA, PCI DSS, SSAE16 etc.) - Expert

Competency Levels

Foundation

Knowledgeable about the competency requirements. Demonstrates (inparts) frequently with minimal support and guidance.

Competent

Consistently demonstrates the full range of the competency withoutguidance. Extends the competency to difficult and unknown situations aswell.

Expert

Applies the competency in all situations and is serves as a guide toothers as well.

Master

Coaches others and builds organizational capability in the competencyarea. Serves as a key resource for that competency and is recognisedwithin the entire organization.

• Behavioural Competencies
  • Strategic perspective
  • Technology Acumen
  • Communication and Presentation Skills
  • Problem Solving approach
  • Managing Complexity
  • Client centricity

Deliver

No.

Performance Parameter

Measure

1.

Adherence to established risk and compliance framework

Reported incidents, no. of major security incidents, cost perincident, meeting regulatory requirements, appropriate management ofcustomer impact, mean time to detect (MTTD), mean time to resolve(MTTR), cyber security training

2.

Disaster recovery

Number of risks identified and mitigated, timely solution to securitybreaches

GRC Process